reconfigure arayat

README.md

@@ -326,6 +326,14 @@ The following table is giving a list of error codes with explanation:
 | 16        | Invalid options provided with cron mode activated           |
 | 17        | Missing or invalid status file, can't resume                |
 | 18        | Module file don't exists or is empty                        |
+| 20        | Ambigous realm with autodetection                           |
+| 21        | Unconsistant directory structure with configured realm      |
+| 22        | Required secret management software missing                 |
+| 23        | Secret key not found in secret database                     |
+| 24        | File is not readable                                        |
+| 25        | Needed variable not set or not declared                     |
+| 26        | Secret reference missing or malformed                       |
+| 27        | Unknown secret reference                                    |
 | 50..100   | Error in module execution                                   |
 | 126       | Command exists but is not executable                        |
 | 127       | Command not found                                           |
@@ -392,7 +400,7 @@ You can mail author to fatalerrors \<at\> geoffray-levasseur \<dot\> org.
 
 -----------------------------------------------------------------------------
 
-Documentation (c) 2019-2022 Geoffray Levasseur.
+Documentation (c) 2019-2025 Geoffray Levasseur.
 
 This file is distributed under3-clause BSD license. The complete license
 agreement can be obtained at: https://opensource.org/licenses/BSD-3-Clause

README.txt

@@ -1,4 +0,0 @@
-This is deployment scripts for LEGOS git repository created on 2021-05-31-11:31:04
-An english version for general purpose is available at https://www.geoffray-levasseur.org/init
-
-Check README.md for details.

conf/auto/debian-12.conf.sh

@@ -0,0 +1,4 @@
+# Check debian.conf file for general declaration
+# This is specific for version 12
+
+export NTP_SERV=ntpsec

conf/auto/debian-13.conf.sh

@@ -0,0 +1,6 @@
+# Check debian.conf file for general declaration
+# This is specific for version 13
+
+export NTP_SERV=ntpsec
+export SOURCE_EXT=source
+export NO_MAIN_SOURCE=true

conf/auto/debian.conf.sh

@@ -19,6 +19,9 @@ export COM_AUTOREM="autoremove --purge -y"
 # This is not used by init.sh
 export DEBIAN_FRONTEND=noninteractive
 
+# Configure how apt behave regarding source.list files
+export NO_MAIN_SOURCE=false
+
 # Conf chemin
 export RC_SCRIPTS_PATH="/etc/init.d"
 

conf/auto/devuan-6.conf.sh

@@ -0,0 +1,4 @@
+# Check devuan.conf file for general declaration
+# This is specific for version 6
+
+export NTP_SERV=ntpsec

conf/auto/devuan.conf.sh

@@ -11,8 +11,10 @@
 . $MYPATH/conf/auto/debian.conf.sh
 
 # Except init system :
+# Note that as Devuan allow also Runit, we should be able to detect correct init system.
 # Init SystemV ou OpenRC:
 export INIT_COM="$RC_SCRIPTS_PATH/%srv% %com%"
+
 # Init Systemd:
 #export INIT_COM="systemctl %comm% %srv%"
 # Init Upstart (plus ou moins universel)

conf/geoffray-levasseur.org/arayat.conf.sh

@@ -41,10 +41,10 @@ NET4_NS_eth0="192.168.1.205 192.168.1.206"
 NET4_NS_SEARCH_eth0=$REALM
 
 NET4_MODE_eth1="static"
-NET4_IP_eth1="192.168.74.220/24"
+NET4_IP_eth1="192.168.74.100/24"
 
 NET4_MODE_eth2="static"
-NET4_IP_eth2="10.0.254.220/16"
+NET4_IP_eth2="10.42.250.100/16"
 
 IPV6_IFACES="eth0 eth1"
 
@@ -63,7 +63,7 @@ NET6_IP_eth1="2a03:7220:8081:b34a::dc/64"
 INTALL_MODE=full
 
 # Paquets additionnels
-PKGSEL="$PKGSEL iptables fail2ban curl"
+PKGSEL="$PKGSEL iptables curl"
 
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------

conf/geoffray-levasseur.org/banahaw.conf.sh

@@ -0,0 +1,71 @@
+# Fichier de configuration principal
+
+# ------------------------------------------------------------------------------
+# -------------------- Importation de paramêtres globaux -----------------------
+# ------------------------------------------------------------------------------
+
+# Importe les paramètres geoffray-levasseur.org
+. $MYPATH/conf/includes/gl.conf.sh
+
+# Importe la sélection de paquets par défaut
+. $MYPATH/conf/includes/pkgsel.base.conf.sh
+
+# Les paramètres précédemment importés sont surchargeable après cette ligne
+
+# ------------------------------------------------------------------------------
+# ------------------------------ General Section -------------------------------
+# ------------------------------------------------------------------------------
+
+# User of the machine (must exists)
+MAINUSER=root
+
+# Pilotes X11 non libre à installer ?
+#X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
+
+# Authentication: use LDAP+Kerberos ?
+WITH_LDAP_KERB=no
+
+# Users to create, add or remove
+REMOVE_USERS=fatal
+
+# Network
+IPV4_IFACES="eth0 eth1"
+
+NET4_MODE_eth0="static"
+NET4_IP_eth0="192.168.1.201/24"
+NET4_GW_eth0="192.168.1.230"
+NET4_NS_eth0="192.168.1.205 192.168.1.206"
+NET4_NS_SEARCH_eth0=$REALM
+
+NET4_MODE_eth1="static"
+NET4_IP_eth1="10.42.0.201/16"
+
+IPV6_IFACES=""
+
+#NET6_MODE_eth0="static"
+#NET6_IP_eth0="2a03:7220:8081:b301::dd/64"
+#NET6_GW_eth0="2a03:7220:8081:b301::e7"
+#NET6_NS_eth0="2a03:7220:8081:b301::ce 2a03:7220:8081:b301::cd"
+#NET6_NS_SEARCH_eth0=$REALM
+
+#NET6_MODE_eth1="static"
+#NET6_IP_eth1="2a03:7220:8081:b34a::dd/64"
+
+
+# Mode d'installation :
+# * dev : installe les paquets un par un avec apt (lent)
+# * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
+INTALL_MODE=full
+
+# Paquets additionnels
+PKGSEL="$PKGSEL time traceroute apache2 graphviz php smbclient poppler-utils \
+        php-cgi php-cli php-gd php-sqlite3 php-pear rsync"
+
+# ------------------------------------------------------------------------------
+# -------------------------- Section modules d'init ----------------------------
+# ------------------------------------------------------------------------------
+
+# Liste des modules à executer (surchargeable en ligne de commande)
+MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
+	conf_mail install_pkg install_profile patch_snmp install_mkagent \
+        conf_syslog conf_network"

conf/geoffray-levasseur.org/biliran.conf.sh

@@ -0,0 +1,74 @@
+# Fichier de configuration principal
+
+# ------------------------------------------------------------------------------
+# -------------------- Importation de paramêtres globaux -----------------------
+# ------------------------------------------------------------------------------
+
+# Importe les paramètres geoffray-levasseur.org
+. $MYPATH/conf/includes/gl.conf.sh
+
+# Importe la sélection de paquets par défaut
+. $MYPATH/conf/includes/pkgsel.base.conf.sh
+
+# Les paramètres précédemment importés sont surchargeable après cette ligne
+
+# ------------------------------------------------------------------------------
+# ------------------------------ General Section -------------------------------
+# ------------------------------------------------------------------------------
+
+# User of the machine (must exists)
+MAINUSER=root
+
+# Pilotes X11 non libre à installer ?
+#X11_DRV="virtualbox-guest-dkms virtualbox-guest-utils virtualbox-guest-x11"
+
+# Authentication: use LDAP+Kerberos ?
+WITH_LDAP_KERB=no
+
+# Users to create, add or remove
+#LOCAL_USERS="$MAINUSER"
+#REMOTE_USERS="kroot"
+REMOVE_USERS=fatal
+
+# Network
+IPV4_IFACES="eth0 eth1 eth2"
+
+NET4_MODE_eth0="static"
+NET4_IP_eth0="192.168.1.202/24"
+NET4_GW_eth0="192.168.1.230"
+NET4_NS_eth0="192.168.1.205 192.168.1.206"
+NET4_NS_SEARCH_eth0=$REALM
+
+NET4_MODE_eth1="static"
+NET4_IP_eth1="192.168.74.220/24"
+
+NET4_MODE_eth2="static"
+NET4_IP_eth2="10.42.250.220/16"
+
+IPV6_IFACES=""
+
+NET6_MODE_eth0="static"
+NET6_IP_eth0="2a03:7220:8081:b301::cd/64"
+NET6_GW_eth0="2a03:7220:8081:b301::e6"
+NET6_NS_eth0="2a03:7220:8081:b301::cd 2a03:7220:8081:b301::ce"
+NET6_NS_SEARCH_eth0=$REALM
+
+NET6_MODE_eth1="static"
+NET6_IP_eth1="2a03:7220:8081:b34a::ce/64"
+
+# Mode d'installation :
+# * dev : installe les paquets un par un avec apt (lent)
+# * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
+INTALL_MODE=full
+
+# Paquets additionnels
+PKGSEL="$PKGSEL"
+
+# ------------------------------------------------------------------------------
+# -------------------------- Section modules d'init ----------------------------
+# ------------------------------------------------------------------------------
+
+# Liste des modules à executer (surchargeable en ligne de commande)
+MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
+	conf_mail install_pkg install_profile patch_snmp install_mkagent \
+        conf_syslog conf_network"

conf/geoffray-levasseur.org/labo.conf.sh

@@ -26,12 +26,10 @@ MAINUSER=root
 WITH_LDAP_KERB=no
 
 # Users to create, add or remove
-#LOCAL_USERS="$MAINUSER"
-#REMOTE_USERS="kroot"
 REMOVE_USERS="fatal"
 
 # Network
-IPV4_IFACES="eth0 eth1 eth2"
+IPV4_IFACES="eth0 eth1"
 
 NET4_MODE_eth0="static"
 NET4_IP_eth0="192.168.1.207/24"
@@ -40,15 +38,15 @@ NET4_NS_eth0="192.168.1.205 192.168.1.206"
 NET4_NS_SEARCH_eth0=$REALM
 
 NET4_MODE_eth1="static"
-NET4_IP_eth1="10.0.254.207/16"
+NET4_IP_eth1="10.42.250.180/16"
 
-IPV6_IFACES="eth0"
+IPV6_IFACES=""
 
-NET6_MODE_eth0="static"
+#NET6_MODE_eth0="static"
-NET6_IP_eth0="2a03:7220:8081:b301::cf/64"
+#NET6_IP_eth0="2a03:7220:8081:b301::cf/64"
-NET6_GW_eth0="2a03:7220:8081:b301::e6"
+#NET6_GW_eth0="2a03:7220:8081:b301::e6"
-NET6_NS_eth0="2a03:7220:8081:b301::cd 2a03:7220:8081:b301::ce"
+#NET6_NS_eth0="2a03:7220:8081:b301::cd 2a03:7220:8081:b301::ce"
-NET6_NS_SEARCH_eth0=$REALM
+#NET6_NS_SEARCH_eth0=$REALM
 
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
@@ -56,7 +54,7 @@ NET6_NS_SEARCH_eth0=$REALM
 INTALL_MODE=full
 
 # Paquets additionnels
-PKGSEL="$PKGSEL nsd"
+PKGSEL="$PKGSEL nsd ldnsutils haveged"
 
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------
@@ -64,5 +62,5 @@ PKGSEL="$PKGSEL nsd"
 
 # Liste des modules à executer (surchargeable en ligne de commande)
 MODULE_LIST="conf_ntp upgrade_dist conf_ceph authnz conf_locale conf_ssh \
-	conf_mail install_pkg install_profile patch_snmp install_mkagent \
+	conf_mail install_pkg install_profile patch_snmp \
         conf_syslog conf_network"

conf/geoffray-levasseur.org/latukan.conf.sh

@@ -31,7 +31,7 @@ WITH_LDAP_KERB=no
 REMOVE_USERS=
 
 # Network
-IPV4_IFACES="ens18 ens19"
+IPV4_IFACES="eth0 eth1"
 
 NET4_MODE_eth0="static"
 NET4_IP_eth0="192.168.1.235/24"
@@ -40,20 +40,21 @@ NET4_NS_eth0="192.168.1.205 192.168.1.206"
 NET4_NS_SEARCH_eth0=$REALM
 
 NET4_MODE_eth1="static"
-NET4_IP_eth1="10.0.254.235/16"
+NET4_IP_eth1="10.42.250.30/24"
 
 IPV6_IFACES="eth0"
 
 NET6_MODE_eth0="static"
-NET6_IP_eth0="2a03:7220:8081:b301::eb/64"
+NET6_IP_eth0="2a03:7220:8081:b301::1e/64"
 NET6_GW_eth0="2a03:7220:8081:b301::e7"
 NET6_NS_eth0="2a03:7220:8081:b301::cd 2a03:7220:8081:b301::ce"
 NET6_NS_SEARCH_eth0=$REALM
 
-
+# Gestionnaire de paquet :
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
+NO_MAIN_SOURCE=false
 INTALL_MODE=full
 
 # Paquets additionnels

conf/geoffray-levasseur.org/mariveles.conf.sh

@@ -26,8 +26,6 @@ MAINUSER=root
 WITH_LDAP_KERB=no
 
 # Users to create, add or remove
-#LOCAL_USERS="$MAINUSER"
-#REMOTE_USERS="kroot"
 REMOVE_USERS=fatal
 
 # Network
@@ -35,28 +33,17 @@ IPV4_IFACES="eth0"
 
 NET4_MODE_eth0="static"
 NET4_IP_eth0="192.168.1.241/24"
-NET4_GW_eth0="192.168.1.230"
+NET4_GW_eth0="192.168.1.232"
-NET4_NS_eth0="192.168.1.205 192.168.1.206"
+NET4_NS_eth0="192.168.1.202 192.168.1.206"
 NET4_NS_SEARCH_eth0=$REALM
 
-NET4_MODE_eth1="static"
-NET4_IP_eth1="10.0.254.241/16"
-
-IPV6_IFACES="eth0"
-
-NET6_MODE_eth0="static"
-NET6_IP_eth0="2a03:7220:8081:b301::f1/64"
-NET6_GW_eth0="2a03:7220:8081:b301::e6"
-NET6_NS_eth0="2a03:7220:8081:b301::cd 2a03:7220:8081:b301::ce"
-NET6_NS_SEARCH_eth0=$REALM
-
 # Mode d'installation :
 # * dev : installe les paquets un par un avec apt (lent)
 # * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
 INTALL_MODE=full
 
 # Paquets additionnels
-PKGSEL="$PKGSEL cups printer-driver-hpcups printer-driver-postscript-hp hplip avahi-daemon printer-driver-gutenprint cups-browsed policykit-1"
+PKGSEL="$PKGSEL qbittorrent xhost falkon"
 
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------

conf/geoffray-levasseur.org/natib.conf.sh

@@ -40,9 +40,9 @@ NET4_NS_eth0="192.168.1.206 192.168.1.205"
 NET4_NS_SEARCH_eth0=$REALM
 
 NET4_MODE_eth1="static"
-NET4_IP_eth1="10.0.254.208/16"
+NET4_IP_eth1="10.42.0.208/16"
 
-IPV6_IFACES="eth0"
+IPV6_IFACES=""
 
 NET6_MODE_eth0="static"
 NET6_IP_eth0="2a03:7220:8081:b301::d0/64"
@@ -56,7 +56,7 @@ NET6_NS_SEARCH_eth0=$REALM
 INTALL_MODE=full
 
 # Paquets additionnels
-PKGSEL="$PKGSEL nsd"
+PKGSEL="$PKGSEL nsd ldnsutils haveged"
 
 # ------------------------------------------------------------------------------
 # -------------------------- Section modules d'init ----------------------------

conf/includes/gl.conf.sh

@@ -19,22 +19,27 @@ export REMOVE_USERS="fatal"
 export NTP_SERVERS="didicas.$REALM cagua.$REALM"
 
 # Ceph share
-export CEPH_SRV_NAMES="mayon pinatubo ragang taal jolo"
+export CEPH_SRV_NAMES="mayon pinatubo ragang taal"
 export CEPHIP_mayon="192.168.1.254"
 export CEPHIP_pinatubo="192.168.1.253"
 export CEPHIP_ragang="192.168.1.252"
 export CEPHIP_taal="192.168.1.251"
-export CEPHIP_jolo="192.168.1.30"
+export CEPH_SECRET="file:/tmp/ceph_secret"
-export CEPH_SECRET="AQAxSf5c2A/CMxAAnOu1RrSf7Yr2h60CLttq4g=="
+export CEPH_MOUNTS="datastore mediastore"
+export CEPH_MP_datastore="/srv/ceph"
+export CEPH_MP_mediastore="/srv/media"
 export SHARED_HOME="false"
 
 # SSH
 export SSHD_PERMITROOT_RANGE="192.168.1.0/24"
 
 # Check MK
-export MK_VERSION="2.2.0b6-1"
+#export MK_VERSION="2.4.0p12-1" #shoud be autodetected now
-export MK_URL="https://nagios.geoffray-levasseur.org/check_mk/check_mk/agents/check-mk-agent_${MK_VERSION}_all.deb"
 export MK_SERVER_IP="192.168.1.201"
+export MK_SITE="check_mk"
+export MK_URL="http://$MK_SERVER_IP/$MK_SITE/check_mk/agents/check-mk-agent_latest_all.deb"
+export MK_SECRET="file:/share/services/gestparc/mk_secret"
+export MK_USER="cmk-agent"
 
 # Samba
 export SMBSRV="silay.$REALM"

conf/includes/mam.conf.sh

@@ -41,7 +41,7 @@ export MOUNTPOINT_data="/data"
 export SSHD_PERMITROOT_RANGE="10.254.1.0/24"
 
 # Check MK
-export MK_VERSION="2.2.0b6-1"
+export MK_VERSION="2.2.0p21-1"
 export MK_URL="http://192.168.1.201/check_mk/check_mk/agents/check-mk-agent_${MK_VERSION}_all.deb"
 export MK_SERVER_IP="192.168.1.201"
 

conf/includes/pkgsel.base.conf.sh

@@ -1,19 +1,19 @@
 # List of package to install - Minimal server
 
 # Packages to remove after installation
-export PKGS_RMLIST="apparmor laptop-detect resolvconf snapd xauth wamerican chafa"
+export PKGS_RMLIST="apparmor laptop-detect resolvconf snapd wamerican chafa"
 
 # Packages where installation is forbidden
 export PKGS_BLACKLIST="apparmor resolvconf chafa snapd"
 
 # Base
-export PKGS_BASE="debconf-utils debhelper deborphan ethtool cpufrequtils \
+export PKGS_BASE="debconf-utils debhelper ethtool \
     curl hwinfo lm-sensors libatasmart-bin lsscsi pciutils vim emacs-nox \
     mailutils htop lsof ltrace strace bash-completion host dnsutils \
-    sysbench sysstat ifstat iftop iotop mtr-tiny tcpdump mc pbzip2 pigz \
+    sysstat ifstat iftop iotop mtr-tiny tcpdump mc pbzip2 pigz \
     xz-utils zip unzip plzip lzip ftp lftp bc dc dos2unix psmisc udunits-bin \
-    whois tmux screen debconf-doc dump figlet gawk gpm multitail neofetch nmap \
+    whois tmux screen debconf-doc dump figlet gawk multitail fastfetch nmap \
-    oping pv whois traceroute rsync tree git qemu-guest-agent"
+    oping pv traceroute rsync tree git qemu-guest-agent ca-certificates"
 
 # Agregation of the package lists
 export PKGSEL="$PKGS_BASE"

conf/includes/tetalab.conf.sh

@@ -6,8 +6,8 @@ export REALM="tetalab.local"
 export NTP_SERVERS="ntp1.$REALM"
 
 # Upgrade_dist variables
-#export PROXYAPT="acng.$REALM"
+export PROXYAPT="acng.$REALM"
-#export PROXYAPTPORT="3142"
+export PROXYAPTPORT="3142"
 
 # Authnz variables
 export DEFAULT_SHELL="/bin/bash"

conf/mixart-myrys.org/kronotsky.conf.sh

@@ -0,0 +1,62 @@
+# Fichier de configuration principal
+
+# ------------------------------------------------------------------------------
+# -------------------- Importation de paramêtres globaux -----------------------
+# ------------------------------------------------------------------------------
+
+# Importe les paramètres geoffray-levasseur.org
+. $MYPATH/conf/includes/mam.conf.sh
+
+# Importe la sélection de paquets par défaut
+. $MYPATH/conf/includes/pkgsel.base.conf.sh
+
+# Les paramètres précédemment importés sont surchargeable après cette ligne
+
+# ------------------------------------------------------------------------------
+# ------------------------------ General Section -------------------------------
+# ------------------------------------------------------------------------------
+
+# User of the machine (must exists)
+MAINUSER=root
+
+# Authentication: use LDAP+Kerberos ?
+WITH_LDAP_KERB=no
+
+# Users to create, add or remove
+#REMOVE_USERS=fatal
+
+# Network
+IPV4_IFACES="eth0 eth1"
+
+NET4_MODE_eth0="static"
+NET4_IP_eth0="10.254.1.20/24"
+
+NET4_MODE_eth1="static"
+NET4_IP_eth1="10.0.254.20/16"
+NET4_GW_eth1="10.0.254.254"
+NET4_NS_eth1="10.0.254.250"
+NET4_NS_SEARCH_eth1=$REALM
+
+#IPV6_IFACES="eth0"
+
+NET6_MODE_eth0="static"
+NET6_IP_eth0="2a03:7220:8085:6b01::a/64"
+NET6_GW_eth0="2a03:7220:8085:6b01::1"
+NET6_NS_eth0="2a03:7220:8085:6b01::a"
+NET6_NS_SEARCH_eth0=$REALM
+
+# Mode d'installation :
+# * dev : installe les paquets un par un avec apt (lent)
+# * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
+INTALL_MODE=full
+
+# Paquets additionnels
+PKGSEL="$PKGSEL"
+
+# ------------------------------------------------------------------------------
+# -------------------------- Section modules d'init ----------------------------
+# ------------------------------------------------------------------------------
+
+# Liste des modules à executer (surchargeable en ligne de commande)
+MODULE_LIST="conf_ntp upgrade_dist authnz conf_locale conf_ssh conf_syslog \
+	install_pkg install_profile conf_network conf_nfs"

conf/pcp-e3s.conf.sh

@@ -0,0 +1,46 @@
+# Fichier de configuration principal
+
+# ------------------------------------------------------------------------------
+# -------------------- Importation de paramêtres globaux -----------------------
+# ------------------------------------------------------------------------------
+
+# Importe les paramètres pour le lan E-3S
+. $MYPATH/conf/includes/e3s.conf.sh
+
+# Importe la sélection de paquets par défaut
+. $MYPATH/conf/includes/pkgsel.base.conf.sh
+
+# Les paramètres précédemment importés sont surchargeable après cette ligne
+
+# ------------------------------------------------------------------------------
+# ------------------------------ General Section -------------------------------
+# ------------------------------------------------------------------------------
+
+# User of the machine (must exists)
+MAINUSER=root
+
+# Authentication: use LDAP+Kerberos ?
+WITH_LDAP_KERB=no
+
+# Network
+IPV4_IFACES="ens192"
+
+NET4_MODE_ens192="dhcp"
+
+IPV6_IFACES=""
+
+# Mode d'installation :
+# * dev : installe les paquets un par un avec apt (lent)
+# * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
+INTALL_MODE=full
+
+# Paquets additionnels
+PKGSEL="$PKGSEL"
+
+# ------------------------------------------------------------------------------
+# -------------------------- Section modules d'init ----------------------------
+# ------------------------------------------------------------------------------
+
+# Liste des modules à executer (surchargeable en ligne de commande)
+MODULE_LIST="conf_ntp upgrade_dist conf_locale conf_ssh \
+	install_pkg install_profile"

conf/tetalab.local/nisyros.conf.sh

@@ -0,0 +1,44 @@
+# Fichier de configuration principal
+
+# ------------------------------------------------------------------------------
+# -------------------- Importation de paramêtres globaux -----------------------
+# ------------------------------------------------------------------------------
+
+# Importe les parametres tetalab.local
+. $MYPATH/conf/includes/tetalab.conf.sh
+
+# Importe la selection de paquets par defaut
+. $MYPATH/conf/includes/pkgsel.base.conf.sh
+
+# Les paramètres précédemment importés sont surchargeable après cette ligne
+
+# ------------------------------------------------------------------------------
+# ------------------------------ General Section -------------------------------
+# ------------------------------------------------------------------------------
+
+# User of the machine (must exists)
+MAINUSER=root
+
+# Authentication: use LDAP+Kerberos ?
+WITH_LDAP_KERB=no
+
+# Users to create, add or remove
+REMOVE_USERS=fatal
+
+# Mode d'installation :
+# * dev : installe les paquets un par un avec apt (lent)
+# * full : envoie d'un seul coup la liste de tous les paquets à apt (rapide)
+INTALL_MODE=full
+
+# Paquets additionnels
+PKGSEL="$PKGSEL nfs-kernel-server"
+PKGS_RMLIST=""
+PKGS_BLACKLIST=""
+
+# ------------------------------------------------------------------------------
+# -------------------------- Section modules d'init ----------------------------
+# ------------------------------------------------------------------------------
+
+# Liste des modules à executer (surchargeable en ligne de commande)
+MODULE_LIST="conf_ntp upgrade_dist authnz conf_locale  \
+	install_pkg install_profile patch_snmp"

conf/tetamix.local

@@ -0,0 +1 @@
+/share/services/scripts/init.sh/conf/mixart-myrys.org

init.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 # ------------------------------------------------------------------------------
 # Init.sh: initialise a computer and conform it
-# Copyright (c) 2019-2021 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -36,7 +36,7 @@ export LC_ALL=C
 export LANG=C
 
 # Version of init
-export VERSION="0.99.20"
+export VERSION="0.99.24"
 
 # Store script's path (realpath -s resolve symlinks if init.sh is a symlink)
 export MYPATH=$(dirname "$(realpath -s "$0")")
@@ -44,6 +44,9 @@ export MYPATH=$(dirname "$(realpath -s "$0")")
 # Get hostname
 export HOSTNAME=$(hostname)
 
+# Get realm or domain name
+export REALM=${REALM:-$(hostname -d)}
+
 # Load libraries
 for lib in $MYPATH/lib/*.sh; do
     . "$lib"

lib/aaa_errors.sh

@@ -1,7 +1,8 @@
+#!/bin/bash
 # ------------------------------------------------------------------------------
 # Error management functions
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -29,9 +30,10 @@ function die()
     unset errorcode
 
     # Put the trigger back (only executed with --keepgoing)
-    trap "error ${LINENO}" ERR
+    trap 'error ${LINENO}' ERR
 }
 export -f die
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -41,8 +43,10 @@ function terminate()
     prnt E "$1 recieved, exiting at once."
     die 128 --force
 }
+export -f terminate
 trap "terminate 'Ctrl + C'" SIGINT
 trap "terminate 'SIGTERM'"  SIGTERM
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -64,8 +68,10 @@ function error()
     fi
     unset parent_lineno message code
 }
+export -f error
 # Trigger error function on error
 trap "error ${LINENO}; backtrace; err_exit" ERR
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -73,12 +79,14 @@ trap "error ${LINENO}; backtrace; err_exit" ERR
 function err_exit
 {
     if [[ $KEEPGOING != true ]]; then
-        if [[ -f $tmpfile ]]; then
+        if [[ -f "$tmpfile" ]]; then
-            rm -f $tmpfile
+            rm -f "$tmpfile"
         fi
         exit 255
     fi
 }
+export -f err_exit
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -94,11 +102,14 @@ function backtrace
             printf '%15s() %s:%d\n' \
                 "$func" "${BASH_SOURCE[$i]}" "${BASH_LINENO[ (( $i - 1)) ]}"
         fi
-        let i++ || true
+        (( i++ )) || true
     done
     unset func i
     echo "=============================="
 }
+export -f backtrace
+# ------------------------------------------------------------------------------
+
 
 
 # ------------------------------------------------------------------------------
@@ -120,10 +131,11 @@ noerror()
     fi
     echo $?
 
-    trap "error ${LINENO}" ERR
+    trap 'error ${LINENO}' ERR
     set -o errexit
 }
 export -f noerror
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -139,5 +151,6 @@ check_root()
     fi
 }
 export -f check_root
+# ------------------------------------------------------------------------------
 
 # EOF

lib/chroot.sh

@@ -1,7 +1,8 @@
+#!/bin/bash
 # ------------------------------------------------------------------------------
 # Chroot system functions
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -13,36 +14,38 @@
 # If chrooted, we need to bootstrap to a new copy of our directory tree
 chroot_bootstrap()
 {
-    if [[ ! -d $CHROOT_PATH ]]; then
+    if [[ ! -d "$CHROOT_PATH" ]]; then
         prnt E "The path given to chroot don't exists."
         die 14
     fi
-    if [[ ! -d $CHROOT_PATH/tmp ]]; then
+    if [[ ! -d "$CHROOT_PATH/tmp" ]]; then
         prnt E "The target filesystem doesn't seems to be a valid installation."
         die 15
     fi
 
-    local tmpdir=$(mktemp -d $CHROOT_PATH/tmp/init.sh-XXXX)
+    local tmpdir=$(mktemp -d "$CHROOT_PATH/tmp/init.sh-XXXX")
     local bootstrap_items="conf lib modules repo bash.rc init.sh prepost.d"
     if [[ $RESUME == true ]]; then
         bootstrap_items="$bootstrap_items $STAGE_FILE"
     fi
 
     prnt I "Preparing root change."
-    cp -av $bootstrap_items $tmpdir
+    cp -av $bootstrap_items "$tmpdir"
 
     prnt I "Changing root and starting a fork of init.sh..."
     # on the following line, true allows to correctly exit in case of error since
     # errors are managed by the chrooted environment
-    chroot $CHROOT_PATH /bin/bash -c 'CHROOT_DONE=true; $tmpdir/init.sh $@' || true
+    chroot "$CHROOT_PATH" /bin/bash -c 'CHROOT_DONE=true; "$tmpdir/init.sh" "$@"' || true
 
     # If stage file still exists we copy it to be able to resume later
-    if [[ -e $tmpdir/$(basename $STAGE_FILE) ]]; then
+    if [[ -e "$tmpdir/$(basename "$STAGE_FILE")" ]]; then
-        cp $tmpdir/$(basename $STAGE_FILE) $STAGE_FILE
+        cp "$tmpdir/$(basename "$STAGE_FILE")" "$STAGE_FILE"
     fi
 
     prnt I "Back to host system and clean up."
-    rm -rf $tmpdir
+    rm -rf "$tmpdir"
 }
+export -f chroot_bootstrap
+# ------------------------------------------------------------------------------
 
 # EOF

lib/command_line.sh

@@ -1,7 +1,8 @@
+#!/bin/env bash
 # ------------------------------------------------------------------------------
 # Main program functions
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -14,39 +15,46 @@
 # errors with immediate exit.
 read_commandline()
 {
-    syntax_error()
-    {
-	prnt E "Error while analysing command line parameters."
-	die 1 --force
-    }
-
     # Processing command line options
-    local want_module=false
-    local want_logfile=false
-    local want_conffile=false
-    local want_chroot=false
     local opt=
-    for opt in $@; do
+    local params=''
-	case $opt in
+    params=$(getopt -n init.sh -o hvm:cjkrRDoPl:f:s \
+	     --long help,version,module:,check-only,jump,keep-going,resume,no-root-check,no-deps,offline,no-proxy,logfile:,file:,shell,chroot,cron \
+	     -- "$@")
+    eval set -- "$params"
+    while true; do
+	case $1 in
 	    "-h"|"--help")
 		disp_help
+		shift
 		exit 0
 		;;
 	    "-v"|"--version")
 		show_version
+		shift
 		exit 0
 		;;
 	    "-m"|"--module")
-		local want_module=true
+		if [[ -z $MANUAL_MODULE_LIST ]]; then
+		    export MANUAL_MODULE_LIST="$2"
+		else
+		    prnt E "A module list have already been given!"
+		    prnt E "Commande line only tolerate one --module parameter."
+		    die 1 --force
+		fi
+		shift 2
 		;;
 	    "-c"|"--check-only")
 		export CHECK_ONLY=true
+		shift
 		;;
 	    "-j"|"--jump")
 		export JUMP=true
+		shift
 		;;
 	    "-k"|"--keep-going")
 		export KEEPGOING=true
+		shift
 		;;
 	    "-r"|"--resume")
 		if [[ -s $STAGE_FILE ]]; then
@@ -56,93 +64,71 @@ read_commandline()
 		    prnt E "Without it, resuming is impossible."
 		    die 17 --force
 		fi
+		shift
 		;;
 	    "-R"|"--no-root-check")
 		export NO_ROOT_CHECK=true
+		shift
 		;;
 	    "-D"|"--no-deps")
 		export NO_DEPS=true
+		shift
 		;;
 	    "-o"|"--offline")
 		export OFFLINE=true
+		shift
 		;;
 	    "-P"|"--no-proxy")
 		export NO_PROXY=true
+		shift
 		;;
 	    "-l"|"--logfile")
-		local want_logfile=true
-		;;
-	    "-f"|"--file")
-		local want_conffile=true
-		;;
-	    "-s"|"--shell")
-		export RUN_SHELL=true
-		;;
-	    "--chroot")
-		local want_chroot=true
-		;;
-	    "--cron")
-		export CRON_MODE=true
-		;;
-	    *)
-		if [[ $want_module == true ]]; then
-		    [[ $want_logfile == true ]] && synthax_error
-		    [[ $want_conffile == true ]] && synthax_error
-		    [[ $want_chroot == true ]] && synthax_error
-		    if [[ -z $MANUAL_MODULE_LIST ]]; then
-			export MANUAL_MODULE_LIST=$opt
-			want_module=false
-		    else
-			prnt E "A module list have already been given!"
-			prnt E "Commande line only tolerate one --module parameter."
-			die 1 --force
-		    fi
-		elif [[ $want_logfile == true ]]; then
-		    [[ $want_module == true ]] && synthax_error
-		    [[ $want_conffile == true ]] && synthax_error
-		    [[ $want_chroot == true ]] && synthax_error
 		if [[ -z $NEW_LOGFILE ]]; then
-			export NEW_LOGFILE=$opt
+		    export NEW_LOGFILE=$2
-			want_logfile=false
 		else
 		    prnt E "Impossible to specify several log files."
 		    die 1 --force
 		fi
-		elif [[ $want_conffile == true ]]; then
+		shift 2
-		    [[ $want_module == true ]] && synthax_error
+		;;
-		    [[ $want_logfile == true ]] && synthax_error
+	    "-f"|"--file")
-		    [[ $want_chroot == true ]] && synthax_error
+		export CONFFILES="$CONFFILES $2"
-		    export CONFFILES="$CONFFILES $opt"
+		shift 2
-		    want_logfile=false
+		;;
-		elif [[ $want_chroot == true ]]; then
+	    "-s"|"--shell")
-		    [[ $want_module == true ]] && synthax_error
+		export RUN_SHELL=true
-		    [[ $want_logfile == true ]] && synthax_error
+		shift
-		    [[ $want_conffile == true ]] && synthax_error
+		;;
+	    "--chroot")
 		if [[ -z $CHROOT_PATH ]]; then
-			export CHROOT_PATH=$opt
+		    export CHROOT_PATH=$2
-			want_chroot=false
 		else
 		    prnt E "A chroot path have already been given."
 		    die 1 --force
 		fi
-		else
+		shift 2
-		    prnt E "Unknow parameter \"$opt\"."
+		;;
-		    die 1 --force
+	    "--cron")
+		export CRON_MODE=true
+		shift
+		;;
+	    --)
+		shift
+		break
+		;;
+	    *)
+		if [[ -n $1 ]]; then
+                    prnt E "Unknow parameter \"$1\" !"
+                    die 1
                 fi
+                break
 		;;
 	esac
     done
     unset opt
-
-    # If those var are true at that point, something is wrong
-    if [[ $want_logfile == true ]] || [[ $want_module == true ]] ||
-	[[ $want_conffile == true ]] || [[ $want_chroot == true ]]; then
-	syntax_error
-    fi
-
-    unset want_conffile want_logfile want_module want_chroot
 }
 export -f read_commandline
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -180,11 +166,12 @@ process_commandline_and_vars()
 
     # Configure module list
     if [[ -n $MANUAL_MODULE_LIST ]]; then
-	prnt W "A manual module list will be used."
+	prnt W "A manual module list will be used:"
-	export MODULE_LIST=$(echo $MANUAL_MODULE_LIST | sed "s/,/ /g")
+	export MODULE_LIST=${MANUAL_MODULE_LIST//,/ }
+        prnt m " * $MODULE_LIST"
     fi
 
-    # Check for module list existance and basic syntax
+    # Check for module list exis<tance and basic syntax
     if [[ -n $MODULE_LIST ]]; then
 	for mod in $MODULE_LIST; do
 	    if [[ $mod =~ ['-!@#$%\&*=+'] ]]; then
@@ -196,11 +183,12 @@ process_commandline_and_vars()
 		die 18
 	    fi
 	done
-    else
+    elif [[ $RUN_SHELL != "true" ]]; then
 	prnt E "No module to execute!"
 	die 5
     fi
 }
 export -f process_commandline_and_vars
+# ------------------------------------------------------------------------------
 
 # EOF

lib/diskman.sh

@@ -1,7 +1,8 @@
+#!/bin/bash
 # ------------------------------------------------------------------------------
 # Disks and partitions manipulation function
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -34,6 +35,7 @@ blank_disk()
     fi
 }
 export -f blank_disk
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -57,6 +59,7 @@ is_blank()
     fi
 }
 export -f is_blank
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -65,6 +68,8 @@ export -f is_blank
 # Partition size like 10G for 10 GiB, 600M for 600 MiB and so on... Without unit
 # it will use a number of cylinder. 0 will stand for all remaining size.
 # If no partition size is provided we create a single whole disk partition.
+# TODO: support extended partition for DOS type, add error if trying to create
+# more than 4 primary partitions
 mkparts()
 {
     local device=$1 && shit
@@ -82,7 +87,7 @@ mkparts()
 	local tmpfile=$(mktemp sfd.XXXX)
 	if [[ -n $1 ]]; then
 	    # For each given size we make a partition
-	    for $part in $@; do
+	    for part in $@; do
 		# If size is zero we interpret it as all available space
 		if [[ $part == 0 ]]; then
 		    echo ",,L" >> $tmpfile
@@ -104,6 +109,7 @@ mkparts()
     unset device parttype
 }
 export -f mkparts
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -119,6 +125,8 @@ mkfs_gen()
 	fi
     done
 }
+export -f mkfs_gen
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -130,6 +138,7 @@ mkext4()
     unset mkfstool
 }
 export -f mkext4
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -141,6 +150,7 @@ mkxfs()
     unset mkfstool
 }
 export -f mkxfs
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -152,6 +162,7 @@ mkntfs()
     unset mkfstool
 }
 export -f mkntfs
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -163,6 +174,7 @@ mkfat32()
     unset mkfstool
 }
 export -f mkfat32
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -174,6 +186,7 @@ mkbtrfs()
     unset mkfstool
 }
 export -f mkbtrfs
+# ------------------------------------------------------------------------------
 
 
 # EOF

lib/display.sh

@@ -1,7 +1,8 @@
+#!/bin/bash
 # ------------------------------------------------------------------------------
 # Some display functions and defines color codes
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -122,6 +123,7 @@ prnt()
     unset heads echoopt
 }
 export -f prnt
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -141,6 +143,7 @@ separator()
     unset i length
 }
 export -f separator
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -160,6 +163,7 @@ dsleep()
     echo
 }
 export -f dsleep
+# ------------------------------------------------------------------------------
 
 
 # EOF

lib/filefct.sh

@@ -1,7 +1,8 @@
+#!/bin/bash
 # ------------------------------------------------------------------------------
 # File manipulation function
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -34,7 +35,7 @@ backup_dist()
         if [[ -L ${file} ]]; then
             # With symbolik links we call again backup_dist to treat target
             prnt I "Following the symbolic link $file to do a proper backup..."
-	    backup_dist $(readlink -f ${file})
+            backup_dist $(readlink -f "${file}")
         elif [[ -f ${file} ]]; then
             prnt I "Creating a backup of ${file} on $tmstmp..."
             cp -av $file ${file}.dist.${tmstmp}
@@ -57,6 +58,7 @@ backup_dist()
     unset file
 }
 export -f backup_dist
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -92,6 +94,7 @@ select_file()
     unset source
 }
 export -f select_file
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -120,6 +123,7 @@ select_directory()
     unset source
 }
 export -f select_directory
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -134,7 +138,7 @@ install_file()
         prnt E "install_file(): At least two arguments are required."
         die 11
     fi
-    if [[ $(echo $@ | grep "\*\|\?") ]]; then
+    if [[ -n $(echo $@ | grep "\*\|\?") ]]; then
         prnt E "install_file(): Wildcards are not authorized."
         die 7
     fi
@@ -169,6 +173,7 @@ install_file()
     fi
 }
 export -f install_file
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -199,6 +204,7 @@ append_file()
     fi
 }
 export -f append_file
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -215,59 +221,14 @@ is_dir_empty()
         return 0
     fi
 
-    nbfiles=$(ls -a1 $dir | egrep -v '^.$|^..$' | wc -l)
+    nbfiles=$(ls -a1 $dir | grep -Evc '^.$|^..$')
     if [[ $nbfiles -eq 0 ]]; then
         return 0
     fi
     return 1
 }
 export -f is_dir_empty
-
-
 # ------------------------------------------------------------------------------
-# copy and patch a file replacing all @var@ by the corresponding value in
-# the environment or the variable list given in parameter
-patch_file()
-{
-    local srcfile=$(select_file $1) && shift
-    local dstfile=$1 && shift
-    local workfile=${dstfile}.work
-
-    if [[ ! -s $srcfile ]]; then
-	prnt E "patch_file(): Source file is empty, is not a file or don't exists!"
-	die 10
-    fi
-
-    # Create a sub-process, to avoid bash environment pollution
-    (
-	local varlist= pattern=
-	if [[ $# -eq 0 ]] ; then
-	    pattern="-e s/<\(.*\)>/\$\1\$\1/g"
-	else
-	    local var=
-	    for var in $* ; do
-		if ! declare -p $var >/dev/null 2>&1 ; then
-		    local $var=$(eval echo \$$var)
-		fi
-		export $var
-		pattern="$pattern -e s/@$var@/\$$var/g"
-		varlist=$varlist\$$var
-	    done
-	fi
-
-	# sed replace <VAR> with \$$VAR and envsubst do the replace by value
-	sed $pattern $srcfile | envsubst ${varlist:+"$varlist"} > "$workfile"
-    )
-
-    local -a rights=( $(stat --printf="%a %u %g" "$srcfile") )
-    unset srcfile
-    mv "$workfile" "$dstfile"
-    chmod ${rights[0]} "$dstfile"
-    chown ${rights[1]}:${rights[2]} "$dstfile"
-
-    unset rights dstfile
-}
-export -f patch_file
 
 
 # ------------------------------------------------------------------------------
@@ -279,12 +240,12 @@ tag_file()
         if [[ -e $f ]]; then
             sed -i "1s/^/$text\n/" $f
         else
-	    echo $text > $f
+            echo $text | sed "s/modified/generated/" > $f
-	    sed -i -e "s/modified/generated/" $f
         fi
     done
 }
 export -f tag_file
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -300,6 +261,7 @@ file_exists()
     return 0
 }
 export -f file_exists
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -315,6 +277,7 @@ file_must_exists()
     unset mf
 }
 export -f file_must_exists
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -330,6 +293,7 @@ directory_exists()
     return 0
 }
 export -f directory_exists
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -345,6 +309,7 @@ directory_must_exists()
     unset md
 }
 export -f directory_must_exists
+# ------------------------------------------------------------------------------
 
 
 # EOF

lib/loaders.sh

@@ -1,7 +1,8 @@
+#!/bin/bash
 # ------------------------------------------------------------------------------
 # Loaders for conf and prepost functions
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -48,6 +49,7 @@ load_autoconf()
     unset prefix
 }
 export -f load_autoconf
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -58,6 +60,17 @@ export -f load_autoconf
 #   3) <workingdir>/conf/init.conf.sh      	 (Generic default, for testing)
 load_configuration()
 {
+    # --------------------------------------------------------------------------
+    # Get list of possible files to load when REALM is not declared
+    get_files()
+    {
+	for d in $MYPATH/conf/*; do
+	    if [[ -d $d ]]; then
+		find $d -maxdepth 1 -name "$HOSTNAME.conf.sh"
+	    fi
+	done
+    }
+    
     if [[ -n $CONFFILES ]]; then
 	local f=
 	for f in $CONFFILES; do
@@ -72,24 +85,52 @@ load_configuration()
 	unset f
     else
 	prnt I "Loading configuration..."
+	if [[ -z $REALM ]]; then
+	    prnt W "REALM is undeclared, trying to scan configuration subdirectories for this host..."
+	    local found_realms=$(get_files)
+	    case "$(echo $found_realms | wc -w)" in
+		"0")
+		    : # We do nothing as we'll check for other scenario
+		;;
+		"1")
+		    export REALM="$(basename $(dirname $found_realms))"
+		    local auto_realm="$REALM"
+		;;
+		*)
+		    prnt E "More than one file correspond to that host. This is ambigous and need to be fixed."
+		    prnt m "You can fix that situation with one of those actions:"
+		    prnt m "\t * Declare a REALM variable with the actual domain name of the host."
+		    prnt m "\t * Give manually the configuration file using the --file option."
+		    prnt m "\t * Configure the domain name of the host."
+		    die 20 --force
+		;;
+	    esac
+	fi
 	if [[ -e $MYPATH/conf/$REALM/$HOSTNAME.conf.sh ]]; then
 	    prnt I "A specific configuration will be used."
-	    . $MYPATH/conf/$HOSTNAME.conf.sh
+	    local cnffile=$MYPATH/conf/$REALM/$HOSTNAME.conf.sh
+	    if [[ -n $auto_realm && $REALM != $auto_realm ]]; then
+		prnt E "The domain name in the confinguration file don't correspond to the detected domain through directory structure."
+		die 21 --force
+	    fi
 	elif [[ -e $MYPATH/conf/$HOSTNAME.conf.sh ]]; then
 	    prnt I "A specific configuration will be used."
-	    . $MYPATH/conf/$HOSTNAME.conf.sh
+	    local cnffile=$MYPATH/conf/$HOSTNAME.conf.sh
 	else
 	    if [[ -e $MYPATH/conf/init.conf.sh ]]; then
 		prnt I "A generic configuration will be used."
-		. $MYPATH/conf/init.conf.sh
+		local cnffile=$MYPATH/conf/init.conf.sh
 	    else
 		prnt E "No configuration found, impossible to continue."
 		die 6 --force
 	    fi
 	fi
+	prnt I "Loading $cnffile ..."
+	. $cnffile
     fi
 }
 export -f load_configuration
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -104,5 +145,6 @@ load_prepost_actions()
     unset prepost
 }
 export -f load_prepost_actions
+# ------------------------------------------------------------------------------
 
 # EOF

lib/net.sh

@@ -1,7 +1,8 @@
+#!/bin/bash
 # ------------------------------------------------------------------------------
 # Network functions
 # This file is part of the init.sh project
-# Copyright (c) 2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -33,6 +34,7 @@ set_system_proxy()
     fi
 }
 export -f set_system_proxy
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -46,6 +48,7 @@ mask2cidr4()
     echo $(( $2 + (${#x}/4) ))
 }
 export -f mask2cidr4
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -58,6 +61,7 @@ cidr2mask4()
     echo ${1-0}.${2-0}.${3-0}.${4-0}
 }
 export -f cidr2mask4
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -81,6 +85,7 @@ isipv4 ()
     return 1
 }
 export -f isipv4
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -95,6 +100,7 @@ isipv6 ()
     return 1
 }
 export -f isipv6
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -134,6 +140,7 @@ get_network_info()
     done
 }
 export -f get_network_info
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -175,3 +182,6 @@ check_network()
     esac
 }
 export -f check_network
+# ------------------------------------------------------------------------------
+
+# EOF

lib/pkgman.sh

@@ -1,7 +1,8 @@
+#!/bin/bash
 # ------------------------------------------------------------------------------
 # Package manager integration
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -17,6 +18,7 @@ pkgupdt()
     $PKG_MAN $COM_UPDATE
 }
 export -f pkgupdt
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -55,6 +57,7 @@ pkgupgd()
     exec_postupgd
 }
 export -f pkgupgd
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -81,6 +84,7 @@ pkgrm()
     fi
 }
 export -f pkgrm
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -93,6 +97,7 @@ pkgautorm()
     exec_postautorm
 }
 export -f pkgautorm
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -110,6 +115,7 @@ exec_preinst()
     unset pkglist
 }
 export -f exec_preinst
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -128,6 +134,7 @@ exec_postinst()
     unset POSTINSTLIST
 }
 export -f exec_postinst
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -146,6 +153,7 @@ exec_prerm()
     unset pkglist
 }
 export -f exec_prerm
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -164,6 +172,7 @@ exec_postrm()
     unset POSTRMLIST
 }
 export -f exec_postrm
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -181,6 +190,7 @@ exec_preupgd()
     unset pkglist
 }
 export -f exec_preupgd
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -199,6 +209,7 @@ exec_postupgd()
     unset POSTUPGDLIST
 }
 export -f exec_postupgd
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -216,6 +227,7 @@ exec_preautorm()
     unset pkglist
 }
 export -f exec_preautorm
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -225,6 +237,7 @@ exec_postautorm()
     exec_postrm
 }
 export -f exec_postautorm
+# ------------------------------------------------------------------------------
 
 
 # EOF

lib/secret.sh

@@ -0,0 +1,194 @@
+#!/bin/bash
+# ------------------------------------------------------------------------------
+# Secret management functions
+# This file is part of the init.sh project
+# Copyright (c) 2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# ------------------------------------------------------------------------------
+# This file is distributed under 3-clause BSD license.
+# The complete license agreement can be obtained at:
+# https://opensource.org/licenses/BSD-3-Clause
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+# Get Passbolt
+get_passbolt_secret()
+{
+    local name="$1" secret
+
+    if ! command -v passbolt >/dev/null 2>&1; then
+        prnt E "Passbolt CLI not found (required to fetch passbolt:$name)."
+        die 22
+    fi
+
+    # Exemple basé sur CLI Passbolt + jq
+    secret=$(passbolt secret list --json 2>/dev/null | jq -r --arg NAME "$name" \
+        '.[] | select(.name == $NAME) | .secrets[0].data' 2>/dev/null)
+
+    if [[ -z "$secret" || "$secret" == "null" ]]; then
+        prnt E "Secret '$name' not found in Passbolt."
+        die 23
+    fi
+
+    printf '%s' "$secret"
+}
+export -f get_passbolt_secret
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+# Get File
+get_file_secret()
+{
+    local path="$1" secret
+
+    if [[ ! -s "$path" ]]; then
+        prnt E "get_file_secret: missing secret file"
+        die 10
+    fi
+    if [[ ! -r "$path" ]]; then
+        prnt E "get_file_secret: '$path' not readable"
+        die 24
+    fi
+
+    secret=$(<"$path")
+    secret="${secret%$'\r'}"
+    secret="${secret%$'\n'}"
+    printf '%s' "$secret"
+}
+export -f get_file_secret
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+# Get Environment variable
+get_var_secret()
+{
+    local var="$1" secret
+
+    if [[ -z "$var" ]]; then
+        prnt E "get_var_secret: missing variable name"
+        die 25
+    fi
+    if ! printenv "$var" >/dev/null 2>&1; then
+        prnt E "get_var_secret: variable '$var' not set"
+        die 25
+    fi
+
+    secret="$(printenv "$var")"
+    secret="${secret%$'\r'}"
+    secret="${secret%$'\n'}"
+    printf '%s' "$secret"
+}
+export -f get_var_secret
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+# Main get dispatcher
+# Usage: fetch_secret "scheme:identifier"
+fetch_secret()
+{
+    local ref="$1"
+    local scheme identifier func
+
+    if [[ -z "$ref" ]]; then
+        prnt E "fetch_secret: no reference provided"
+        die 26
+    fi
+
+    # par défaut, si pas de scheme -> "file"
+    if [[ "$ref" != *:* ]]; then
+        scheme="file"
+        identifier="$ref"
+    else
+        scheme="${ref%%:*}"
+        identifier="${ref#*:}"
+    fi
+
+    func="get_${scheme}_secret"
+
+    if ! declare -f "$func" >/dev/null 2>&1; then
+        prnt E "fetch_secret: unsupported scheme '$scheme' (no function $func)"
+        die 27
+    fi
+
+    "$func" "$identifier"
+}
+export -f fetch_secret
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+# Check Passbolt
+check_passbolt_secret() {
+    local name="$1" found
+
+    if ! command -v passbolt >/dev/null 2>&1; then
+        return 1
+    fi
+
+    found=$(passbolt secret list --json 2>/dev/null | jq -e --arg NAME "$name" \
+        '.[] | select(.name == $NAME) | .secrets[0].data' 2>/dev/null)
+
+    [[ -n "$found" && "$found" != "null" ]]
+}
+export -f check_passbolt_secret
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+# Check File
+check_file_secret() {
+    local path="$1"
+
+    [[ -r "$path" && -s "$path" ]]
+}
+export -f check_file_secret
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+# Check Environment variable
+check_var_secret() {
+    local var="$1"
+
+    [[ -n "$var" ]] && printenv "$var" >/dev/null 2>&1
+}
+export -f check_var_secret
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+# Check Dispatcher
+check_secret() {
+    local ref="$1"
+    local scheme identifier func
+
+    if [[ -z "$ref" ]]; then
+        prnt E "check_secret: no reference provided"
+        return 1
+    fi
+
+    if [[ "$ref" != *:* ]]; then
+        scheme="file"
+        identifier="$ref"
+    else
+        scheme="${ref%%:*}"
+        identifier="${ref#*:}"
+    fi
+
+    func="check_${scheme}_secret"
+
+    if ! declare -f "$func" >/dev/null 2>&1; then
+        prnt E "check_secret: unsupported scheme '$scheme' (no function $func)"
+        return 1
+    fi
+
+    "$func" "$identifier"
+}
+export -f check_secret
+# ------------------------------------------------------------------------------
+
+
+# EOF

lib/services.sh

@@ -1,7 +1,8 @@
+#!/bin/bash
 # ------------------------------------------------------------------------------
 # Services manipulation functions
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -33,6 +34,7 @@ exec_serv()
     unset lineexec
 }
 export exec_serv
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -46,6 +48,7 @@ svc_start()
     unset svc
 }
 export -f svc_start
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -57,6 +60,7 @@ svc_reload()
     done
 }
 export -f svc_reload
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -70,6 +74,7 @@ svc_restart()
     unset svc
 }
 export -f svc_restart
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -83,5 +88,6 @@ svc_stop()
     unset svc
 }
 export -f svc_stop
+# ------------------------------------------------------------------------------
 
 # EOF

lib/support.sh

@@ -1,7 +1,8 @@
+#!/bin/bash
 # ------------------------------------------------------------------------------
 # Base support function
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -72,6 +73,7 @@ Fichiers de configuration :
 EOF
 }
 export -f disp_help
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -102,5 +104,6 @@ show_version()
     fi
 }
 export -f show_version
+# ------------------------------------------------------------------------------
 
 # EOF

lib/users.sh

@@ -0,0 +1,82 @@
+#!/bin/bash
+# ------------------------------------------------------------------------------
+# Users related functions
+# This file is part of the init.sh project
+# Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# ------------------------------------------------------------------------------
+# This file is distributed under 3-clause BSD license.
+# The complete license agreement can be obtained at:
+# https://opensource.org/licenses/BSD-3-Clause
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+# Users (from Ldap)
+add_remote_user()
+{
+    local users=$@
+    for usr in ${users[@]}; do
+        if [[ -n $(grep "^$usr:" /etc/passwd) ]]; then
+            prnt W "A local user with name $usr already exists, adding anyway!"
+        fi
+        if [[ -n $(grep "^+$usr:" /etc/passwd) ]]; then
+            prnt W "The remote user $usr is already declared, nothing to do in passwd."
+        else
+            echo "+$usr::::::" >> /etc/passwd
+            prnt I "User $usr added to passwd..."
+        fi
+        if [[ -n $(grep "^+$usr:" /etc/shadow) ]]; then
+            prnt W "The remote user $usr is already connectable, nothing to do in shadow."
+        else
+            echo "+$usr::::::::" >> /etc/shadow
+            prnt I "User $usr added to shadow..."
+        fi
+    done
+}
+export -f add_remote_user
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+# Remove users
+remove_user()
+{
+    local users=$@
+    for usr in ${users[@]}; do
+        if [[ -n $(grep "^$usr:" /etc/{passwd,shadow,group,gshadow}) ]]; then
+            # Using sed is more universal than any distro commands - local case
+            sed -i -e "/^$usr:/d" /etc/{passwd,shadow,group,gshadow}
+        elif [[ -n $(grep "^+$usr:" /etc/{passwd,shadow,group,gshadow}) ]]; then
+            # remote case
+            sed -i -e "/^+$usr:/d" /etc/{passwd,shadow,group,gshadow}
+        else
+            prnt W "User $usr don't exists in auth files, nothing to do."
+        fi
+    done
+}
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+# Create a local user
+create_local_user()
+{
+    local users=$@
+    for usr in ${users[@]}; do
+        if [[ $(noerror --noout id $usr) != 0 ]]; then
+            prnt I "Creating user $usr..."
+            if [[ $(directory_exists home_skell) ]]; then
+                useradd --create-home --shell $DEFAULT_SHELL \
+                    --user-group $usr \
+                    --skell $(select_directory home_skell)
+            else
+                useradd --create-home --shell $DEFAULT_SHELL --user-group $usr
+            fi
+        else
+            prnt W "The user $usr already exists. Nothing to do..."
+        fi
+    done
+}
+# ------------------------------------------------------------------------------
+
+# EOF

lib/utils.sh

@@ -1,7 +1,8 @@
+#!/bin/bash
 # ------------------------------------------------------------------------------
 # Various utilitary functions
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -15,6 +16,7 @@ stdtime()
     date --rfc-3339=seconds | sed -e 's/ /-/' -e 's/://g' | cut -d'+' -f1
 }
 export -f stdtime
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -25,13 +27,14 @@ function_exists() {
 	die 11 --force
     fi
 
-    if [[ $(LC_ALL=C type -t $1 | grep function) ]]; then
+    if [[ -n $(LC_ALL=C type -t $1 | grep function) ]]; then
 	return 0
     else
 	return 1
     fi
 }
 export -f function_exists
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -42,9 +45,10 @@ get_mod_name()
 	prnt E "get_mod_name(): Bad number of parameters."
 	die 11 --force
     fi
-    echo $(basename $1 | cut -f 1 -d '.')
+    basename $1 | cut -f 1 -d '.'
 }
 export -f get_mod_name
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -52,10 +56,12 @@ export -f get_mod_name
 trim()
 {
     local string="$@"
-    echo "$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'<<<"${string}")"
+    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'<<<"${string}"
     unset string
 }
 export -f trim
+# ------------------------------------------------------------------------------
+
 
 # ------------------------------------------------------------------------------
 # Dump the keyboard's buffer
@@ -66,6 +72,7 @@ dump_key_buffer()
     done
 }
 export -f dump_key_buffer
+# ------------------------------------------------------------------------------
 
 
 # EOF

lib/vars.sh

@@ -0,0 +1,108 @@
+#!/bin/bash
+# ------------------------------------------------------------------------------
+# Variables substitution function
+# This file is part of the init.sh project
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# ------------------------------------------------------------------------------
+# This file is distributed under 3-clause BSD license.
+# The complete license agreement can be obtained at:
+# https://opensource.org/licenses/BSD-3-Clause
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+# Replace @VAR@ in a text file by the corresponding $VAR value
+# The --delimiter or -d option allow to use something else than @
+setvar()
+{
+    local delimiter="@"
+    local vars=()
+    local file
+
+    # Parse arguments
+    while [[ $# -gt 0 ]]; do
+        case "$1" in
+            --delimiter|-d)
+                shift
+                delimiter="${1:-@}"
+                ;;
+            -*)
+                prnt E "setvar(): Unknown option: $1"
+                die 7
+                ;;
+            *)
+                if [[ -f $1 && $# -eq 1 ]]; then
+                    file="$1"
+                else
+                    vars+=("$1")
+                fi
+                ;;
+        esac
+        shift
+    done
+
+    if [[ -z $file ]]; then
+        prnt E "Usage: setvar [--delimiter D] VAR1 [VAR2 ...] <file>"
+        die 7
+    fi
+    if [[ ${#vars[@]} -eq 0 ]]; then
+        prnt E "No variable name(s) provided."
+        die 7
+    fi
+
+    local var val escaped pattern
+    for var in "${vars[@]}"; do
+        val="${!var}"
+        if [[ -z $val ]]; then
+            prnt W "Variable '$var' is unset or empty; skipped."
+            continue
+        fi
+
+        # Échapper les caractères spéciaux pour sed
+        escaped=$(printf '%s' "$val" | sed -e 's/[\/&]/\\&/g')
+
+        pattern="${delimiter}${var}${delimiter}"
+
+        prnt I "Replacing $pattern with $val in $file"
+        sed -i -e "s|$pattern|$escaped|g" "$file"
+    done
+}
+export -f setvar
+# ------------------------------------------------------------------------------
+
+
+# ------------------------------------------------------------------------------
+# Replace @VAR@ in a text file by the corresponding values available in the
+# environment. The --delimiter or -d option allow to use something else than @
+setvars_from_env()
+{
+    local file delimiter="@"
+    while [[ $# -gt 0 ]]; do
+        case "$1" in
+            -d|--delimiter)
+                shift
+                delimiter="${1:-@}"
+                ;;
+            *)
+                file="$1"
+                ;;
+        esac
+        shift
+    done
+
+    [[ -f $file ]] || {
+        prnt E "File not found: $file"
+        die 10
+    }
+
+    local vars
+    vars=$(grep -o "${delimiter}[A-Z0-9_]\+${delimiter}" "$file" | sort -u | tr -d "$delimiter")
+    [[ -z $vars ]] && return 0
+
+    setvar --delimiter "$delimiter" $vars "$file"
+}
+export -f setvars_from_env
+# ------------------------------------------------------------------------------
+
+
+# EOF

lib/version.sh

@@ -1,7 +1,8 @@
+#!/bin/bash
 # ------------------------------------------------------------------------------
 # Version determination function
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2024 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -37,13 +38,14 @@ get_os_version()
 	    unset maj min
 	fi
 
-	# Return values on stdout
+	# Return values on stdout (awk used to retreave primary codename when using testing or unstable)
 	echo ${ID,,} ${VERSION_ID} $(echo ${VERSION_CODENAME,,} | awk '{print $1}')
 
 
     )
 }
 export read_os_release
+# ------------------------------------------------------------------------------
 
 
 # ------------------------------------------------------------------------------
@@ -66,5 +68,6 @@ set_sys_vars()
     fi
 }
 export -f get_os_version
+# ------------------------------------------------------------------------------
 
 # EOF

modules/authnz.sh

@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------------
 # Add local or remote users
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -20,58 +20,9 @@
 #  * DEFAULT_SHELL: The shell to use when creating new users
 # ------------------------------------------------------------------------------
 
-export VER_authnz=0.2.2
+export VER_authnz="0.2.2"
-export DEP_authnz="upgrade_dist"
+export DEP_authnz=""
 
-# Users (from Ldap)
-add_remote_user()
-{
-    if [[ $(grep "^$1:" /etc/passwd) ]]; then
-        prnt W "A local user with name $1 already exists, adding anyway!"
-    fi
-    if [[ $(grep "^+$1:" /etc/passwd) ]]; then
-        prnt W "The remote user $1 is already declared, nothing to do in passwd."
-    else
-        echo "+$1::::::" >> /etc/passwd
-        prnt I "User $1 added to passwd..."
-    fi
-    if [[ $(grep "^+$1:" /etc/shadow) ]]; then
-        prnt W "The remote user $1 is already connectable, nothing to do in shadow."
-    else
-        echo "+$1::::::::" >> /etc/shadow
-        prnt I "User $1 added to shadow..."
-    fi
-}
-
-# Remove users
-remove_user()
-{
-    if [[ $(grep "^$1:" /etc/{passwd,shadow,group,gshadow}) ]]; then
-        # Using sed is more universal than any distro commands - local case
-        sed -i -e "/^$1:/d" /etc/{passwd,shadow,group,gshadow}
-    elif [[ $(grep "^+$1:" /etc/{passwd,shadow,group,gshadow}) ]]; then
-        # remote case
-        sed -i -e "/^+$1:/d" /etc/{passwd,shadow,group,gshadow}
-    else
-        prnt W "User $1 don't exists in auth files, nothing to do."
-    fi
-}
-
-# Create a local user
-create_local_user()
-{
-    if [[ $(noerror --noout id $1) != 0 ]]; then
-        prnt I "Creating user $1..."
-        if [[ $(directory_exists home_skell) ]]; then
-            useradd --create-home --shell $DEFAULT_SHELL --user-group $1 \
-                --skell $(select_directory home_skell)
-        else
-            useradd --create-home --shell $DEFAULT_SHELL --user-group $1
-        fi
-    else
-        prnt W "The user $1 already exists. Nothing to do..."
-    fi
-}
 
 # Authentication
 authnz()

modules/conf_ceph.sh

@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------------
-# Configure machine for ceph (or samba) mount
+# Configure machine for ceph (or samba / NFS) mount
 # This file is part of the init.sh project
-# Copyright (c) 2019-2021 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2025 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -10,43 +10,52 @@
 # Variable:
 #   * CEPH_SRV_NAMES: hosts names of ceph servers
 #   * CEPHIP_srv: with "srv" being a ceph server hostname, its corresponding IP
-#   * SHARED_HOME: Set at yes if homedir is a directory of the ceph mount
+#   * CEPH_MOUNTS: list of mounts to create
-#   * SMBSRV: Fallback samba server on unsupported architectures
+#   * CEPH_MP_mount: mount point for the given "mount"
-# Mount points are hardcoded and should bet set differently
+#   * SHARED_HOME: Set at yes if homedir is a directory of the ceph mount (to be removed)
+#   * SMBSRV: Fallback samba server on unsupported architectures (not doing
+#             anything if undeclared)
+#   * NFSSRV: Fallback NFS server on unsupported architectures (not doing
+#             anything if undeclared)
+# If both SMBSRV and NFSSRV are set on unsupported hardware, Samba will have a
+# higher priority.
 # ------------------------------------------------------------------------------
 
-export VER_conf_ceph="0.0.5"
+export VER_conf_ceph="1.0.2"
-export DEP_conf_ceph="upgrade_dist"
+export DEP_conf_ceph=""
 
 conf_ceph()
 {
-    # Create mount point directories
-    echo "Creating mount points"
-    mkdir -pv /srv/ceph/share
-    mkdir -pv /share
-
     local success=undef
-    local fstabchanged=false
+
+    # Determine the type of installation
     if [[ $SYS_ARCH == "x86_64" || $SYS_ARCH == "i386" ]]; then
         export CEPH_STATUS=ceph
-    else
+    elif [[ -n $SMBSRV ]]; then
         export CEPH_STATUS=smb
+    elif [[ -n $NFSSRV ]]; then
+        export CEPH_STATUS=nfs
+    else
+        export CEPH_STATUS=none
     fi
+
     if [[ $CEPH_STATUS == ceph ]]; then
         # Install ceph package
         pkginst ceph-common
 
         # hosts files required for Ceph bootstrap when DNS not yet started
-        if [[ ! $(grep "# Ceph" /etc/hosts) ]]; then
+        if ! grep -q "^# Ceph" /etc/hosts; then
             prnt I "Adding server list to /etc/hosts"
             backup_dist /etc/hosts
             tag_file /etc/hosts
             echo >> /etc/hosts
             echo "# Ceph servers:" >> /etc/hosts
             for srv in $CEPH_SRV_NAMES; do
-                local line="$(eval echo \$CEPHIP_$srv)    $srv.$REALM   $srv"
+                local line
+                line="$(eval echo \$CEPHIP_$srv)    $srv.$REALM   $srv"
                 prnt m "     - Adding line $line to /etc/hosts"
                 echo "$line" >> /etc/hosts
+                unset line
             done
         else
             prnt W "Ceph servers already in /etc/hosts, nothing to do"
@@ -54,37 +63,59 @@ conf_ceph()
 
         backup_dist /etc/fstab
         prnt I "Adding ceph entries to /etc/fstab"
-        fstabchanged=true
+        tag_file /etc/fstab
         echo >> /etc/fstab
-        local srvlist=$(echo $CEPH_SRV_NAMES | sed "s/ /,/g")
+        local srvlist=${CEPH_SRV_NAMES// /,}
-        if [[ ! $(grep $srvlist /etc/fstab) ]]; then
+
+        prnt I "Fetching secret $CEPH_SECRET..."
+        local secret
+        secret=$(fetch_secret "$CEPH_SECRET")
+        if ! grep -q "$srvlist" /etc/fstab; then
             echo "# Ceph :" >> /etc/fstab
-            echo "$srvlist:/    /srv/ceph       ceph    defaults,_netdev,name=admin,secret=$CEPH_SECRET  0 0" >> /etc/fstab
+            for mnt in $CEPH_MOUNTS; do
+                local mp=$(eval echo \$CEPH_MP_$mnt)
+                mkdir -pv "$mp"
+                echo "$srvlist:/    $mp       ceph    defaults,_netdev,name=admin,secret=$secret,mds_namespace=$mnt  0 0" >> /etc/fstab
+                unset mp
+            done
         else
             prnt W "Ceph entry already in /etc/fstab, nothing to do"
         fi
-        unset srvlist
+        unset srvlist secret
         success=yes
     elif [[ $CEPH_STATUS == smb ]]; then
         pkginst smbclient
 
         backup_dist /etc/fstab
         prnt I "Adding Samba entries to /etc/fstab"
-        fstabchanged=true
         echo >> /etc/fstab
-        if [[ ! $(grep $SMBSRV /etc/fstab) ]]; then
+        tag_file /etc/fstab
+        if ! grep -q "$SMBSRV" /etc/fstab; then
             echo "# Samba:" >> /etc/fstab
-            echo "//$SMBSRV/share       /srv/ceph/share cifs    defaults,_netdev,username=root,password=        0 0" >> /etc/fstab
+            for mnt in $CEPH_MOUNTS; do
+                local mp=$(eval echo \$CEPH_MP_$mnt)
+                mkdir -pv $mp
+                echo "//$SMBSRV/$mnt       $mp     cifs    defaults,_netdev,username=root,password=        0 0" >> /etc/fstab
+                unset $mp
+            done
         else
             prnt W "Samba entry already in /etc/fstab, nothing to do"
         fi
         success=yes
+    elif [[ $CEPH_STATUS == nfs ]]; then
+        tag_file /etc/fstab
+        # To be implemented
+    elif [[ $CEPH_STATUS == none ]]; then
+        prnt W "No alternative set for unsuported hardware, nothing will be done."
+        return 0
     else
-        prnt E "Ceph status not understood, the next tasks will probably fail"
+        prnt E "Ceph status not understood, something is wrong."
+        return 1
     fi
     if [[ $success == yes ]]; then
-        if [[ ! $(grep "^/srv/ceph/share" /etc/fstab) ]]; then
+        # Create some mount binds for convenience
-            fstabchanged=true
+        # TODO: That part should be a different module with own configuration
+        if grep -q "^/srv/ceph/share" /etc/fstab; then
             echo "/srv/ceph/share       /share  none    defaults,_netdev,bind   0 0" >> /etc/fstab
             if [[ $SHARED_HOME == 1 ]]; then
                 echo "/srv/ceph/share/home      /home   none    defaults,_netdev,bind   0 0" >> /etc/fstab
@@ -94,18 +125,15 @@ conf_ceph()
         prnt E "Failed creating original mount, not adding binded ones"
     fi
 
-    if [[ $fstabchanged == true ]]; then
-        tag_file /etc/fstab
-    fi
-    unset fstabchanged
 
     # Mount Ceph volumes if required
     prnt I "Mounting ceph volumes"
-    [[ ! $(mount | grep "on /srv/ceph") ]] && mount -v /srv/ceph || mount -v /srv/ceph/share
+    for mnt in $CEPH_MOUNTS; do
-    [[ ! $(mount | grep "on /share") ]] && mount -v /share
+        if ! mountpoint -q "$(eval echo \$CEPH_MP_$mnt)"; then
-    if [[ $SHARED_HOME == "true" ]]; then
+            mount -v "$(eval echo \$CEPH_MP_$mnt)" ||
-        [[ ! $(mount | grep "on /home") ]] && mount -v /home
+                prnt W "Error while mounting CEPH filesystem (check CEPH logs), ignoring"
         fi
+    done
 }
 
 precheck_conf_ceph()
@@ -124,17 +152,24 @@ precheck_conf_ceph()
             done
             if [[ -z $CEPH_SECRET ]]; then
                 prnt E "CEPH secret key is not declared, can't continue!"
-                prnt I "If you don't want to put tour CEPH secret in configuration file,"
+                prnt I "If you don't want to put a CEPH secret var in configuration file,"
                 prnt m "you need to export it temporarily in your environment, using the"
                 prnt m "\"CEPH_SECRET\" variable."
-                exit 181
+                die 181
+            elif ! check_secret $CEPH_SECRET; then
+                prnt E "The declared $CEPH_SECRET is not accessible."
+                die 183
+            fi
+            if [[ -z $CEPH_MOUNTS ]]; then
+                prnt E "No CEPH mounts declared, despite reachable servers."
+                die 182
             fi
         else
             prnt E "No CEPH server declared!"
             die 182
         fi
     else
-        prnt W "System incompatible with ceph, falling back to samba..."
+        prnt W "System incompatible with ceph, falling back to Samba or NFS..."
     fi
 }
 

modules/conf_disks.sh

@@ -16,7 +16,7 @@
 #  * CALCDRV: Target drives, preferably through ID.
 # ------------------------------------------------------------------------------
 
-export VER_conf_disks="0.0.9"
+export VER_conf_disks="0.0.9-obsolete"
 export DEP_conf_disks="upgrade_dist"
 
 # ------------------------------------------------------------------------------

modules/conf_locale.sh

@@ -31,7 +31,7 @@ conf_locale()
 
     # Removing locales not in the list
     prnt I "Deactivating initial locales from installation..."
-    if [[ $(grep -v '^#' $gen_fname | grep -v -e '^[[:space:]]*$') ]]; then
+    if [[ -n $(grep -v '^#' $gen_fname | grep -v -e '^[[:space:]]*$') ]]; then
         grep -v '^#' $gen_fname | grep -v -e '^[[:space:]]*$' |
             while read -r line; do
                 sed -i "s/$line/# $line/" $gen_fname

modules/conf_mail.sh

@@ -13,8 +13,8 @@
 #  * MAIL_RELAY: Name of the mail relay server
 # ------------------------------------------------------------------------------
 
-export VER_conf_mail="0.0.7"
+export VER_conf_mail="0.0.8"
-export DEP_conf_mail="upgrade_dist"
+export DEP_conf_mail=""
 
 conf_mail()
 {
@@ -30,7 +30,7 @@ conf_mail()
         -e "s/@MAIL_RELAY@/$MAIL_RELAY/" $pfmain
 
     echo $HOSTNAME.$REALM > /etc/mailname
-    tag_file /etc/mailname
+    #tag_file /etc/mailname
 
     svc_restart postfix
 }

modules/conf_network.sh

@@ -100,11 +100,10 @@ conf_network()
 	fi
     done
 
-    prnt I "Trying to raise down iface up. Allready configured iface will require a reboot"
+    prnt I "Restart network to apply changes"
-    ifup -a || true && prnt W "Ignoring errors here."
+    svc_restart networking || true && prnt W "Ignoring errors here."
 
     unset iface if_file
-    NEED_REBOOT=true
 }
 
 precheck_conf_network()
@@ -119,7 +118,7 @@ precheck_conf_network()
 		die 175
 	    else
 		if [[ $(grep "up" /sys/class/net/$iface/operstate) ]]; then
-		    prnt W "The IPv4 iface $iface, is already configured, a reboot will be required."
+		    prnt W "The IPv4 iface $iface, is already configured, a reboot could be required."
 		fi
 	    fi
 	    if [[ -z $(eval echo \$NET4_MODE_$iface) ]]; then
@@ -157,7 +156,7 @@ precheck_conf_network()
 		die 175
 	    else
 		if [[ $(grep "up" /sys/class/net/$iface/operstate) ]]; then
-		    prnt W "The IPv6 iface $iface, is already configured, a reboot will be required."
+		    prnt W "The IPv6 iface $iface, is already configured, a reboot could be required."
 		fi
 	    fi
 	    if [[ -z $(eval echo \$NET6_MODE_$iface) ]]; then

modules/conf_nfs.sh

@@ -1,28 +1,43 @@
 # ------------------------------------------------------------------------------
-# Description of module conf_nfs
+# Configure NFS mounts
-# Copyright (c) Year Your Name <your.mail@host.tld>
+# This file is part of the init.sh project
+# Copyright (c) 2019-2023 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
-# <Licence header compatible with BSD-3 licence, you want to use>
+# This file is distributed under 3-clause BSD license.
+# The complete license agreement can be obtained at:
+# https://opensource.org/licenses/BSD-3-Clause
 # ------------------------------------------------------------------------------
 # Variable list:
-#  * <VARNAME>: role explaination
+#  * NFS_MOUNTS: list of mounts used in other variable names
+#  * MOUNTSERV_<mnt>: server acces to mount <mnt>
+#  * MOUNTPOINT_<mnt>: mount point for <mnt>
+#  * MOUNTOPTS_<mnt>: optionnaly, extra mount options for <mnt>
+#       ("defaults,_netdev" by default)
 # ------------------------------------------------------------------------------
 
 # Module version
-export VER_conf_nfs="0.0.1"
+export VER_conf_nfs="0.0.3"
 
 # Module's code
 conf_nfs()
 {
     pkginst nfs-common
     for mnt in $NFS_MOUNTS; do
-	if [[ ! $(grep "$(eval echo \$MOUNTSERV_$mnt)/d" /etc/fstab) ]]; then
+	local mnt_serv=$(eval echo \$MOUNTSERV_$mnt)
-	    echo -e "$(eval echo \$MOUNTSERV_$mnt)\t$(eval echo \$MOUNTPOINT_$mnt)\tnfs4\tdefaults,_netdev\t0\t0" >> /etc/fstab
+	local mnt_point=$(eval echo \$MOUNTPOINT_$mnt)
+	local mnt_opts=$(eval echo \$MOUNTOPTS_$mnt)
+	if [[ $(echo $mnt_opts | wc -w) == "0" ]]; then
+	    mnt_opts="defaults,_netdev"
 	fi
-	if [[ ! -d $(eval echo \$MOUNTPOINT_$mnt) ]]; then
+	if [[ -z $(grep "$mnt_serv" /etc/fstab) ]]; then
-	    mkdir -pv $(eval echo \$MOUNTPOINT_$mnt)
+	    echo -e "${mnt_serv}\t${mnt_point}\tnfs4\t${mnt_opts}\t0\t0" >> /etc/fstab
 	fi
-	mount $(eval echo \$MOUNTPOINT_$mnt)
+	unset mnt_serv
+	if [[ ! -d $mnt_point ]]; then
+	    mkdir -pv "$mnt_point"
+	fi
+	mount -v "$mnt_point"
+	unset mnt_point
     done
 }
 

modules/conf_ntp.sh

@@ -11,7 +11,7 @@
 #  * NTPSERVERS: list of NTP servers
 # ------------------------------------------------------------------------------
 
-export VER_conf_ntp="0.1.6"
+export VER_conf_ntp="0.2.0"
 export DEP_conf_ntp=""
 
 conf_ntp()
@@ -21,16 +21,13 @@ conf_ntp()
 	systemctl disable systemd-timesyncd || true
     fi
 
+    NTP_SERV=${NTP_SERV:-ntp}
     prnt I "Installing ntp daemon..."
-    pkginst ntp
+    pkginst $NTP_SERV
     prnt I "Stopping service ntp..."
-    if [[ -n $NTP_SERV ]]; then
     svc_stop $NTP_SERV
-    else
-	svc_stop ntp
-    fi
 
-    if [[ -n $NTP_SERV ]]; then
+    if [[ $NTP_SERV == ntpsec ]]; then
 	local conf_file="/etc/$NTP_SERV/ntp.conf"
     else
 	local conf_file="/etc/ntp.conf"
@@ -38,15 +35,19 @@ conf_ntp()
 
     prnt I "Installing NTP configuration file..."
     local dest="${conf_file}.work"
-    backup_dist $conf_file
+    backup_dist "$conf_file"
-    install_file ntp.conf $dest
+    if [[ -s $NTP_SERV ]]; then
-    tag_file $dest
+	install_file ${NTP_SERV}.conf "$dest"
+    else
+	install_file ntp.conf "$dest"
+    fi
+    tag_file "$dest"
     local line=""
     for srv in $NTP_SERVERS; do
 	line="${line}server $srv iburst\n"
     done
-    sed -i -e "s/@SERVERLIST@/$line/" $dest &&
+    sed -i -e "s/@SERVERLIST@/$line/" "$dest" &&
-	mv -fv $dest $conf_file
+	mv -fv "$dest" "$conf_file"
 
     prnt I "Starting service ntp..."
 

modules/conf_ssh.sh

@@ -12,7 +12,7 @@
 # ------------------------------------------------------------------------------
 
 export VER_conf_ssh="0.1.4"
-export DEP_conf_ssh="upgrade_dist"
+export DEP_conf_ssh=""
 
 conf_ssh()
 {

modules/conf_syslog.sh

@@ -15,6 +15,7 @@ export VER_conf_syslog="0.0.5"
 
 conf_syslog()
 {
+    pkginst rsyslog
     local syslogconf=/etc/rsyslog.conf
     prnt I "Configuring rsyslog..."
     backup_dist $syslogconf

modules/create_vm.sh

@@ -11,7 +11,7 @@
 #   To be defined
 # ------------------------------------------------------------------------------
 
-export VER_create_vm="0.0.2"
+export VER_create_vm="0.0.2-obsolete"
 export DEP_create_vm="upgrade_dist install_pkg"
 
 create_vm()

modules/install_chromium.sh

@@ -32,13 +32,17 @@ install_chromium()
 	    prnt I "Adding Debian Bullseye repository to software sources..."
 	    install_file debian_bullseye.list /etc/apt/sources.list.d/
 	;;
+	22.04|22.10|23.04|23.10)
+	    prnt I "Adding Debian Bookworm repository to software sources..."
+	    install_file debian_bookworm.list /etc/apt/sources.list.d/
+	;;
     esac
 
     # Install Debian GPG keys
-    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys DCC9EFBF77E11517
+    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "DCC9EFBF77E11517"
-    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138
+    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "648ACFD622F3D138"
-    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys AA8E81B4331F7F50
+    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "AA8E81B4331F7F50"
-    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 112695A0E562B32A
+    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "112695A0E562B32A"
 
     # Install package manager conf file for Chromium
     install_file apt_chromium.conf /etc/apt/preferences.d/
@@ -69,6 +73,9 @@ precheck_install_chromium()
 	20.04|20.10|21.04|21.10)
 	    prnt m " * Detected Ubuntu $SYS_VER, will install Bullseye version of Chromium"
 	;;
+	22.04|22.10|23.04|23.10)
+	    prnt m " * Detected Ubuntu $SYS_VER, will install Bookworm version of Chromium"
+	;;
 	*)
 	    prnt E "Unable to determine the corresponding Debian version."
 	    die 165

modules/install_desktop.sh

@@ -16,7 +16,7 @@
 # ------------------------------------------------------------------------------
 
 export VER_install_desktop="0.0.5"
-export DEP_install_desktop="upgrade_dist"
+export DEP_install_desktop=""
 
 install_desktop()
 {
@@ -24,12 +24,12 @@ install_desktop()
 	prnt I "Installing additionnal X11 drivers..."
 	pkginst $X11_DRV
     fi
-    if [[ $UBUNTU_FLAVOR ]]; then
+    if [[ -n $UBUNTU_FLAVOR ]]; then
 	prnt I "Installing $UBUNTU_FLAVOR environment..."
 	pkginst ${UBUNTU_FLAVOR}-desktop
     fi
     # Because we're lazy but manual actions can avoid reboot...
-    NEED_REBOOT=true
+    export NEED_REBOOT=true
 }
 
 precheck_install_desktop()

modules/install_mkagent.sh

@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------------
 # Install check_mk agent using xinetd superserver
 # This file is part of the init.sh project
-# Copyright (c) 2019-2022 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
+# Copyright (c) 2019-2023 Geoffray Levasseur <fatalerrors@geoffray-levasseur.org>
 # ------------------------------------------------------------------------------
 # This file is distributed under 3-clause BSD license.
 # The complete license agreement can be obtained at:
@@ -9,33 +9,144 @@
 # ------------------------------------------------------------------------------
 # Variable:
 #  * MK_SERVER: Server IP address
-#  * MK_PORT: Port check_mk agent will use to communicate with server
+#  * MK_SITE: The check_mk site (or instance) to use
+#  * MK_URL: The URL to use to download the agent
+#  * MK_SECRET: The secret to use to register the agent
+#  * MK_USER: The user to use to register
 # ------------------------------------------------------------------------------
 
-export VER_install_mkagent="0.0.6"
+export VER_install_mkagent="0.1.0"
-export DEP_install_mkagent="upgrade_dist install_pkg"
+export DEP_install_mkagent=""
+
+
+# ------------------------------------------------------------------------------
+# Extract CheckMK version from the server
+get_checkmk_version_from_server()
+{
+    local ip="$1"
+    local site="${2:-$MK_SITE}"
+    local proto out v header
+    local re_version='[0-9]+\.[0-9]+(\.[0-9]+)?p?[0-9]+'
+
+    [[ -n "$MK_VERSION" ]] && { printf '%s' "$MK_VERSION"; return 0; }
+
+    for proto in http https; do
+        # 1) Tentative via version.py (souvent non protégée)
+        if out=$(curl -fsS --max-time 3 "$proto://$ip/$site/check_mk/version.py" 2>/dev/null); then
+            v=$(grep -oE "$re_version" <<<"$out" | head -n1)
+            [[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
+        fi
+
+        # 2) Tentative via login.py (page de connexion)
+        if out=$(curl -fsS --max-time 3 "$proto://$ip/$site/check_mk/login.py" 2>/dev/null); then
+            v=$(grep -oE "$re_version" <<<"$out" | grep -vE '2\.[0-9]{1,3}\.[0-9]{2,3}' | head -n1)
+            [[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
+        fi
+
+        # 3) En-têtes HTTP éventuels
+        header=$(curl -fsSI --max-time 3 "$proto://$ip/$site/" 2>/dev/null || true)
+        if [[ -n "$header" ]]; then
+            v=$(grep -oiE "$re_version" <<<"$header" | head -n1)
+            [[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
+        fi
+
+        # 4) Fallback : page d'accueil, mais filtrer les faux positifs du JS
+        out=$(curl -fsS --max-time 5 "$proto://$ip/$site/" 2>/dev/null || true)
+        if [[ -n "$out" ]]; then
+            # Filtre plus strict : commence par 1.x ou 2.x et max 2 chiffres après le point
+            v=$(grep -oE "$re_version" <<<"$out" \
+                | grep -E '^2\.[0-9]+(\.[0-9]+)?p?[0-9]*$' \
+                | grep -vE '\.[0-9]{3,}' \
+                | head -n1)
+            [[ -n "$v" ]] && { printf '%s' "$v"; return 0; }
+        fi
+    done
+
+    return 1
+}
 
 install_mkagent()
 {
-    wget $MK_URL -O /tmp/check-mk-agent_${MK_VERSION}_all.deb
+    local debfile="/tmp/check-mk-agent_latest_all.deb"
-    pkginst xinetd /tmp/check-mk-agent_${MK_VERSION}_all.deb
+    prnt I "Downloading CheckMK agent from: $MK_URL"
-    rm /tmp/check-mk-agent_${MK_VERSION}_all.deb
 
-    backup_dist /etc/xinetd.d/check_mk
+    # try primary URL
-    install_file cmk/check_mk /etc/xinetd.d/check_mk
+    if ! wget -q "$MK_URL" -O "$debfile"; then
-    tag_file /etc/xinetd.d/check_mk
+        prnt W "Primary download failed. Attempting to detect server version and fallback..."
-    sed -i -e "s/@MK_SERVER_IP@/$MK_SERVER_IP/" /etc/xinetd.d/check_mk
+        local mkver
+        mkver=$(get_checkmk_version_from_server "$MK_SERVER_IP" 2>/dev/null || true)
 
-    mkdir -pv /usr/lib/check_mk_agent/plugins/28800
+        if [[ -n "$mkver" ]]; then
-    install_file cmk/mk_apt /usr/lib/check_mk_agent/plugins/28800/mk_apt
+            prnt I "Detected Check_MK version: $mkver — building fallback URL"
+            # replace the literal 'latest' token in MK_URL with the detected version
+            local fallback_url
+            fallback_url="${MK_URL/latest/$mkver-1}"
+            prnt I "Trying fallback URL: $fallback_url"
+            if ! wget -q "$fallback_url" -O "$debfile"; then
+                prnt E "Fallback download with version $mkver failed."
+                die 163
+            fi
+        else
+            prnt E "Unable to detect Check_MK version on $MK_SERVER_IP and primary download failed."
+            die 163
+        fi
+    fi
 
+    # On non-systemd systems, install xinetd before the .deb to avoid postinst failures
+    if ! pidof systemd >/dev/null; then
+        pkginst xinetd
+    fi
+
+    # Install agent package
+    pkginst "$debfile"
+    rm -f "$debfile"
+
+    # Enable service depending on init system
+    if pidof systemd >/dev/null; then
+        systemctl enable --now check-mk-agent.socket
+    else
+        backup_dist /etc/xinetd.d/check-mk-agent
+        install_file cmk/check_mk /etc/xinetd.d/check-mk-agent
+        tag_file /etc/xinetd.d/check-mk-agent
+        sed -i -e "s/@MK_SERVER_IP@/$MK_SERVER_IP/" /etc/xinetd.d/check-mk-agent
         svc_restart xinetd
+    fi
+
+    # Debian plugin
+    if [[ $PKG_MAN == "apt-get" ]]; then
+        mkdir -pv /usr/lib/check_mk_agent/plugins/3600
+        install_file cmk/mk_apt /usr/lib/check_mk_agent/plugins/3600/mk_apt
+    fi
+
+    # Registration (if secret provided)
+    if [[ -n $MK_SECRET ]]; then
+        local secret
+        prnt I "Fetching secret $MK_SECRET..."
+        secret=$(fetch_secret "$MK_SECRET")
+        if [[ -e /var/lib/cmk-agent/cmk-agent-ctl.gz ]]; then
+            gunzip -v -f  /var/lib/cmk-agent/cmk-agent-ctl.gz
+            chmod -v +x /var/lib/cmk-agent/cmk-agent-ctl
+        fi
+        if [[ -x /var/lib/cmk-agent/cmk-agent-ctl ]]; then
+            /var/lib/cmk-agent/cmk-agent-ctl register \
+                --hostname "$HOSTNAME" \
+                --server "$MK_SERVER_IP" \
+                --site "$MK_SITE" \
+                --user "$MK_USER" \
+                --password "$secret"
+        else
+            prnt W "Agent control tool not found; skipping registration."
+        fi
+        unset secret
+    else
+        prnt W "No secret configured, agent cannot be registered."
+    fi
 }
 
 precheck_install_mkagent()
 {
-    if [[ -z $MK_VERSION ]]; then
+    if [[ -z $MK_SITE ]]; then
-	prnt E "Undeclared check_mk version of the agent to install."
+        prnt E "Undeclared check_mk site to use."
         die 162
     fi
     if [[ -z $MK_URL ]]; then
@@ -46,7 +157,16 @@ precheck_install_mkagent()
         prnt E "Undeclared check_mk server."
         die 162
     fi
+    if [[ $PKG_MAN == "apt-get" ]]; then
         file_must_exists cmk/check_mk cmk/mk_apt
+    fi
+    if [[ -z $MK_SECRET ]]; then
+        prnt W "No secret set for CheckMK, registration won't be possible."
+        if [[ -z $MK_USER ]]; then
+            prnt E "A CheckMK user is required to register."
+            die 162
+        fi
+    fi
 }
 
 export -f install_mkagent

modules/install_pkg.sh

@@ -25,7 +25,7 @@ install_pkg()
     fi
 
     # Blacklist some anoying packages (and remove them if needed)
-    if [[ -n PKGS_BLACKLIST ]]; then
+    if [[ -n $PKGS_BLACKLIST ]]; then
 	for pkg in $PKGS_BLACKLIST; do
 	    prnt I "Placing $pkg into the blacklist..."
 	    local dest=/etc/apt/preferences.d/blacklist_$pkg
@@ -51,13 +51,13 @@ install_pkg()
 
 precheck_install_pkg()
 {
-    if [[ -z PKGS_RMLIST ]]; then
+    if [[ -z $PKGS_RMLIST ]]; then
 	prnt m " * No package to remove."
     else
 	prnt m " * $(echo $PKGS_RMLIST | wc -w) package to remove."
     fi
 
-    if [[ -z PKGS_BLACKLIST ]]; then
+    if [[ -z $PKGS_BLACKLIST ]]; then
 	prnt m " * The packages $pkg will be placed into the blacklist !"
 	file_must_exists pkgman/blacklist.conf
     else

modules/install_profile.sh

@@ -30,7 +30,7 @@ install_profile()
 	#tag_file $usr/.tmux.conf{,.local}
 	if [[ ! -d $usr/profile ]]; then
 	    (
-		cd $usr
+		cd $usr || return 205
                 git config --global http.sslverify false
                 git clone https://git.geoffray-levasseur.org/fatalerrors/profile.git
                 git config --global http.sslverify true

modules/patch_snmp.sh

@@ -8,8 +8,8 @@
 # https://opensource.org/licenses/BSD-3-Clause
 # ------------------------------------------------------------------------------
 
-export VER_patch_snmp="0.1.2"
+export VER_patch_snmp="0.1.3"
-export DEP_patch_snmp="install_pkg"
+export DEP_patch_snmp=""
 
 patch_snmp()
 {

modules/select_system_proxy.sh

@@ -9,7 +9,7 @@
 # ------------------------------------------------------------------------------
 
 export VER_select_system_proxy="0.0.5"
-export DEP_select_system_proxy="upgrade_dist"
+export DEP_select_system_proxy=""
 
 select_system_proxy()
 {
@@ -20,7 +20,7 @@ select_system_proxy()
     else
         prnt I "No proxy configuration set, nothing to do."
     fi
-    NEED_REBOOT=true
+    export NEED_REBOOT=true
 }
 
 precheck_select_system_proxy()

modules/upgrade_dist.sh

@@ -13,14 +13,19 @@
 #   * PROXY_APT_PORT: Working port for APT proxy if one declared
 #   * PROXY_SRV: General purpose proxy if PROXY_APT is undefined
 #   * PROXY_SRV_PORT: Working port for general purpose proxy if one declared
+# TODO: Split apt conf and actuel update to avoid repeating configuration if
+#       for a reason apt fail
+# TODO: This is Debian only, make this universal (at least yum/dnf compatible)
 # ------------------------------------------------------------------------------
 
-export VER_upgrade_dist="0.2.3"
+export VER_upgrade_dist="0.3.0"
 
 # As aptitude might fail if clock is too far from real time, we need to depend
 # on ntp
 export DEP_upgrade_dist="conf_ntp"
 
+export SOURCE_EXT="${SOURCE_EXT:-list}"
+
 upgrade_dist()
 {
     local proxyfile=/etc/apt/apt.conf.d/00proxy
@@ -29,18 +34,30 @@ upgrade_dist()
     # We backup entire apt dir
     backup_dist /etc/apt
     prnt I "Basic apt configuration..."
-    tag_file $norecommend
+
-    echo 'APT::Install-Recommends "false";' >> $norecommends
+    # TODO: No recommend section should be optionnal
-    echo 'APT::AutoRemove::RecommendsImportant "false";' >> $norecommends
+    tag_file $norecommends
-    echo 'APT::AutoRemove::SuggestsImportant "false";' >> $norecommends
+    {
+        echo 'APT::Install-Recommends "false";'
+        echo 'APT::AutoRemove::RecommendsImportant "false";'
+        echo 'APT::AutoRemove::SuggestsImportant "false";'
+    }  >> $norecommends
 
     prnt I "Configuring proxy for APT..."
     if [[ -n $PROXY_APT ]]; then
         if [[ ! -d $(dirname $proxyfile) ]]; then
-	    mkdir -pv $(dirname $proxyfile) || (
+            mkdir -pv "$(dirname $proxyfile)" || (
                 prnt E "Impossible to create directory to receive APT configuration."
                 die 60
             )
+        else
+            # Cleanup
+            if [[ -s $proxyfile ]]; then
+                true > "$proxyfile"
+            fi
+            if grep -q "^Acquire::http::Proxy" /etc/apt/apt.conf; then
+                sed -i -e "/^Acquire::http::Proxy/d" /etc/apt/apt.conf
+            fi
         fi
         tag_file $proxyfile
         echo "Acquire::http::Proxy \"http://${PROXY_APT}:${PROXY_APT_PORT}\";" >> $proxyfile
@@ -52,7 +69,12 @@ upgrade_dist()
     fi
 
     # Remplace source.list from dist with ours (be smarter)
-    install_file "pkgman/${SYS_DIST}_${SYS_VER}.list" /etc/apt/sources.list
+    if [[ NO_MAIN_SOURCE == true ]]; then
+        install_file "pkgman/${SYS_DIST}_${SYS_VER}.list" "/etc/apt/sources.list.d/debian.${SOURCE_EXT}"
+    else
+	# We don't use SOURCE_EXT
+        install_file "pkgman/${SYS_DIST}_${SYS_VER}.list" "/etc/apt/sources.list"
+    fi
 
     prnt I "Updating package list..."
     pkgupdt
@@ -81,6 +103,10 @@ precheck_upgrade_dist()
         die 160
     fi
     file_must_exists pkgman/${SYS_DIST}_${SYS_VER}.list
+    if [[ -z $NO_MAIN_SOURCE ]]; then
+        prnt E "A required variable to configure apt is not defined."
+        die 160
+    fi
 }
 
 cron_upgrade_dist()

repo/common/ntpsec.conf

@@ -0,0 +1,53 @@
+# /etc/ntpsec/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
+driftfile /var/lib/ntpsec/ntp.drift
+leapfile /usr/share/zoneinfo/leap-seconds.list
+
+# To enable Network Time Security support as a server, obtain a certificate
+# (e.g., with Let's Encrypt), place the cert and key in the paths below, and
+# uncomment:
+# nts cert /etc/ntpsec/cert-chain.pem
+# nts key /etc/ntpsec/key.pem
+# nts enable
+
+# You must create /var/log/ntpsec (owned by ntpsec:ntpsec) to enable logging.
+#statsdir /var/log/ntpsec/
+#statistics loopstats peerstats clockstats
+#filegen loopstats file loopstats type day enable
+#filegen peerstats file peerstats type day enable
+#filegen clockstats file clockstats type day enable
+
+# This should be maxclock 7, but the pool entries count towards maxclock.
+tos maxclock 11
+
+# Comment this out if you have a refclock and want it to be able to discipline
+# the clock by itself (e.g. if the system is not connected to the network).
+tos minclock 4 minsane 3
+
+# Specify one or more NTP servers.
+
+# Public NTP servers supporting Network Time Security:
+# server time.cloudflare.com nts
+@SERVERLIST@
+
+# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
+# pick a different set every time it starts up.  Please consider joining the
+# pool: <https://www.pool.ntp.org/join.html>
+#pool 0.debian.pool.ntp.org iburst
+#pool 1.debian.pool.ntp.org iburst
+#pool 2.debian.pool.ntp.org iburst
+#pool 3.debian.pool.ntp.org iburst
+
+# Access control configuration; see /usr/share/doc/ntpsec-doc/html/accopt.html
+# for details.
+#
+# Note that "restrict" applies to both servers and clients, so a configuration
+# that might be intended to block requests from certain clients could also end
+# up blocking replies from your own upstream servers.
+
+# By default, exchange time with everybody, but don't allow configuration.
+restrict default kod nomodify noquery limited
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1

repo/common/pkgman/debian_10.list

@@ -1,5 +1,10 @@
 # Basic Debian Buster repositories
 
- deb http://deb.debian.org/debian buster main
+deb http://deb.debian.org/debian buster main contrib non-free
- deb http://deb.debian.org/debian buster-updates main
+deb-src http://deb.debian.org/debian buster main contrib non-free
- deb http://deb.debian.org/debian-security buster/updates main
+
+deb http://deb.debian.org/debian buster-updates main contrib non-free
+deb-src http://deb.debian.org/debian buster-updates main contrib non-free
+
+deb http://deb.debian.org/debian-security buster/updates main contrib non-free
+deb-src http://deb.debian.org/debian-security buster/updates main contrib non-free

repo/common/pkgman/debian_11.list

@@ -1,20 +1,10 @@
-# deb cdrom:[Debian GNU/Linux 11.0.0 _Bullseye_ - Official amd64 NETINST 20210814-10:07]/ bullseye main
+# Basic debian Bullseye reop
 
-#deb cdrom:[Debian GNU/Linux 11.0.0 _Bullseye_ - Official amd64 NETINST 20210814-10:07]/ bullseye main
+deb http://debian.univ-tlse2.fr/debian/ bullseye main contrib non-free
+deb-src http://debian.univ-tlse2.fr/debian/ bullseye main contrib non-free
 
-deb http://debian.univ-tlse2.fr/debian/ bullseye main contrib
+deb http://security.debian.org/debian-security bullseye-security main contrib non-free
-deb-src http://debian.univ-tlse2.fr/debian/ bullseye main contrib
+deb-src http://security.debian.org/debian-security bullseye-security main contrib non-free
 
-deb http://security.debian.org/debian-security bullseye-security main contrib
+deb http://debian.univ-tlse2.fr/debian/ bullseye-updates main contrib non-free
-deb-src http://security.debian.org/debian-security bullseye-security main contrib
+deb-src http://debian.univ-tlse2.fr/debian/ bullseye-updates main contrib non-free
-
-# bullseye-updates, to get updates before a point release is made;
-# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
-deb http://debian.univ-tlse2.fr/debian/ bullseye-updates main contrib
-deb-src http://debian.univ-tlse2.fr/debian/ bullseye-updates main contrib
-
-# This system was installed using small removable media
-# (e.g. netinst, live or single CD). The matching "deb cdrom"
-# entries were disabled at the end of the installation process.
-# For information about how to configure apt package sources,
-# see the sources.list(5) manual.

repo/common/pkgman/debian_12.list

@@ -0,0 +1,10 @@
+# Basic Debian Bookworm repo
+
+deb http://debian.univ-tlse2.fr/debian/ bookworm main contrib non-free non-free-firmware
+deb-src http://debian.univ-tlse2.fr/debian/ bookworm main contrib non-free non-free-firmware
+
+deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
+deb-src http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
+
+deb http://debian.univ-tlse2.fr/debian/ bookworm-updates main contrib non-free non-free-firmware
+deb-src http://debian.univ-tlse2.fr/debian/ bookworm-updates main contrib non-free non-free-firmware

repo/common/pkgman/devuan_3.list

@@ -5,5 +5,5 @@ deb-src http://fr.deb.devuan.org/merged beowulf main contrib non-free
 deb http://fr.deb.devuan.org/merged beowulf-updates main contrib non-free
 deb-src http://fr.deb.devuan.org/merged beowulf-updates main contrib non-free
 
-deb http://fr.deb.devuan.org/merged beowulf-backports main contrib non-free
+deb http://fr.deb.devuan.org/merged beowulf-security main contrib non-free
-deb-src http://fr.deb.devuan.org/merged beowulf-backports main contrib non-free
+deb-src http://fr.deb.devuan.org/merged beowulf-security main contrib non-free

repo/common/pkgman/devuan_4.list

@@ -5,5 +5,5 @@ deb-src http://fr.deb.devuan.org/merged chimaera main contrib non-free
 deb http://fr.deb.devuan.org/merged chimaera-updates main contrib non-free
 deb-src http://fr.deb.devuan.org/merged chimaera-updates main contrib non-free
 
-deb http://fr.deb.devuan.org/merged chimaera-backports main contrib non-free
+deb http://fr.deb.devuan.org/merged chimaera-security main contrib non-free
-deb-src http://fr.deb.devuan.org/merged chimaera-backports main contrib non-free
+deb-src http://fr.deb.devuan.org/merged chimaera-security main contrib non-free

repo/common/pkgman/devuan_5.list

@@ -1,9 +1,9 @@
 #
-deb http://fr.deb.devuan.org/merged daedalus main contrib non-free
+deb http://fr.deb.devuan.org/merged daedalus main contrib non-free non-free-firmware
-deb-src http://fr.deb.devuan.org/merged daedalus main contrib non-free
+deb-src http://fr.deb.devuan.org/merged daedalus main contrib non-free non-free-firmware
 
-#deb http://fr.deb.devuan.org/merged daedalus-updates main contrib non-free
+deb http://fr.deb.devuan.org/merged daedalus-updates main contrib non-free non-free-firmware
-#deb-src http://fr.deb.devuan.org/merged daedalus-updates main contrib non-free
+deb-src http://fr.deb.devuan.org/merged daedalus-updates main contrib non-free non-free-firmware
 
-#deb http://fr.deb.devuan.org/merged daedalus-backports main contrib non-free
+deb http://fr.deb.devuan.org/merged daedalus-security main contrib non-free non-free-firmware
-#deb-src http://fr.deb.devuan.org/merged daedalus-backports main contrib non-free
+deb-src http://fr.deb.devuan.org/merged daedalus-security main contrib non-free non-free-firmware

repo/common/pkgman/devuan_6.list

@@ -0,0 +1,10 @@
+deb http://fr.deb.devuan.org/merged excalibur main non-free-firmware contrib
+deb-src http://fr.deb.devuan.org/merged excalibur main non-free-firmware contrib
+
+deb http://fr.deb.devuan.org/merged excalibur-security main non-free-firmware contrib
+deb-src http://fr.deb.devuan.org/merged excalibur-security main non-free-firmware contrib
+
+# excalibur-updates, to get updates before a point release is made;
+# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
+deb http://fr.deb.devuan.org/merged excalibur-updates main non-free-firmware contrib
+deb-src http://fr.deb.devuan.org/merged excalibur-updates main non-free-firmware contrib

repo/hosts/biliran/rsyslog.conf

@@ -0,0 +1,103 @@
+#  /etc/rsyslog.conf	Configuration file for rsyslog.
+#
+#			For more information see
+#			/usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
+
+
+#################
+#### MODULES ####
+#################
+
+module(load="imuxsock") # provides support for local system logging
+module(load="imklog")   # provides kernel logging support
+#module(load="immark")  # provides --MARK-- message capability
+
+# provides UDP syslog reception
+module(load="imudp")
+input(type="imudp" port="514")
+
+# provides TCP syslog reception
+module(load="imtcp")
+input(type="imtcp" port="514")
+
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+
+###############
+#### RULES ####
+###############
+
+#
+# First some standard log files.  Log by facility.
+#
+auth,authpriv.*			/share/services/syslog/auth.log
+*.*;auth,authpriv.none		-/share/services/syslog/syslog
+cron.*				/share/services/syslog/cron.log
+daemon.*			-/share/services/syslog/daemon.log
+kern.*				-/share/services/syslog/kern.log
+lpr.*				-/share/services/syslog/lpr.log
+mail.*				-/share/services/syslog/mail.log
+user.*				-/share/services/syslog/user.log
+
+#
+# Logging for the mail system.  Split it up so that
+# it is easy to write scripts to parse these files.
+#
+mail.info			-/share/services/syslog/mail.info
+mail.warn			-/share/services/syslog/mail.warn
+mail.err			/share/services/syslog/mail.err
+
+# Miscelanious logging facilities
+
+local0.*                        /share/services/syslog/local0.log
+local1.*                        /share/services/syslog/local1.log
+local2.*                        /share/services/syslog/local2.log
+local3.*                        /share/services/syslog/local3.log
+local4.*                        /share/services/syslog/local4.log
+local5.*                        /share/services/syslog/local5.log
+local6.*                        /share/services/syslog/local6.log
+local7.*                        /share/services/syslog/local7.log
+
+#
+# Some "catch-all" log files.
+#
+*.=debug;\
+	auth,authpriv.none;\
+	news.none;mail.none	-/share/services/syslog/debug
+*.=info;*.=notice;*.=warn;\
+	auth,authpriv.none;\
+	cron,daemon.none;\
+	mail,news.none		-/share/services/syslog/messages
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg				:omusrmsg:*